PT-2007-2255 · Microsoft · Windows 2000+2
Amesianx
+1
·
Published
2007-02-07
·
Updated
2024-02-14
·
CVE-2007-0811
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions:
Microsoft Internet Explorer version 6.0 SP1 on Windows 2000
Microsoft Internet Explorer version 6.0 SP2 on Windows XP
Description:
The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. This can be achieved via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving
getElementById.Recommendations:
For Microsoft Internet Explorer version 6.0 SP1 on Windows 2000, consider applying a configuration change to restrict the execution of JavaScript code.
For Microsoft Internet Explorer version 6.0 SP2 on Windows XP, consider applying a configuration change to restrict the execution of JavaScript code.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Internet Explorer
Windows 2000
Windows Xp