PT-2006-4790 · Microsoft · Windows Xp+1

Published

2006-07-31

Updated

2017-07-20

CVE-2006-3944

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 6 on Windows XP SP2

Description The issue allows remote attackers to cause a denial of service, resulting in a crash. This can be achieved by creating a Forms.ListBox.1 or Forms.ListBox.1 object and setting the ListWidth property to specific values, such as 0x7fffffff, which triggers an integer overflow exception, or 0x7ffffffe, which triggers a null dereference.

Recommendations For Microsoft Internet Explorer version 6 on Windows XP SP2, consider avoiding the use of the ListWidth property with the specified values until a fix is available. As a temporary workaround, restrict the creation of Forms.ListBox.1 objects to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3944

Affected Products

Internet Explorer

Windows Xp

PT-2006-4790 · Microsoft · Windows Xp+1

CVE-2006-3944

Related Identifiers

Affected Products

References · 7