CVE-2007-0612

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version

Description The issue allows remote attackers to cause a denial of service, specifically an Internet Explorer crash, by accessing certain properties in various objects. These properties include bgColor, fgColor, linkColor, alinkColor, vlinkColor, and defaultCharset in objects such as giffile, htmlfile, jpegfile, mhtmlfile, ODCfile, pjpegfile, pngfile, xbmfile, xmlfile, xslfile, and wdfile in mshtml.dll, as well as TriEditDocument.TriEditDocument or TriEditDocument.TriEditDocument.1 objects in triedit.dll. This results in a NULL pointer dereference.

Recommendations For Microsoft Windows versions prior to the fixed version, consider disabling access to the mshtml.dll and triedit.dll libraries as a temporary workaround to minimize the risk of exploitation. Restrict the use of the vulnerable objects and properties until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.