CVE-2010-1127

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6 through 7

Description The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via crafted JavaScript code. This can be achieved by setting the outerHTML or value property of an object returned by the createElement method.

Recommendations For Microsoft Internet Explorer versions 6 through 7, consider disabling the execution of JavaScript code from untrusted sources as a temporary workaround until a patch is available. Restrict access to the createElement method to minimize the risk of exploitation. Avoid using the outerHTML and value properties of objects returned by createElement in JavaScript code until the issue is resolved.