Info

Disclosure

Jul 19, 2006

Discovery

Unknown

Dates

Exploit

Jul 19, 2006

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to remotely crash an instance of Internet Explorer. The issue is triggered by a null dereference when an ActiveX object is created for Microsoft Office Outlook View Control. This could allow an attacker to create a specially crafted web page that would crash Internet Explorer resulting in loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Other
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Internet Explorer

6.0.2900.2180.x

References

Bugtraq ID: 19079
CVE ID: 2006-3910 (see also: NVD)
Metasploit ID: 27112
VUPEN Advisory: ADV-2006-2915
Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-20-ovctl-newdefaultitem.html
Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_020.html
Keyword: MoBB #20

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/27112