Info

Disclosure

Jul 23, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a user visits a malicious web site that instanciates a Form 2.0 ActiveX component, and will result loss of availability of the browser.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Uninstall Microsoft Office 2003 or disable active scripting or disable activeX controls.

Products

Microsoft Corporation	Internet Explorer	7.0 Beta3
		6

References

Bugtraq ID: 19113
CVE ID: 2006-3944 (see also: NVD)
Metasploit ID: 27372
ISS X-Force ID: 27931
Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-24-formslistbox1-listwidth.html
http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34507
Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_024.html
Keyword: MoBB #24

Credit

H D Moore - hdmmetasploit.com - DigitalOffense

Direct URL: http://osvdb.org/27372

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit