OSVDB ID: 27475

Title: Microsoft IE Nested Objects Exception Handler Unspecified Memory Corruption

Info

Disclosure

Apr 22, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 14, 2006

Description

Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary code. This issue is caused by a memory corruption error within the handling of certain "exceptional conditions". The error occurs in mshtml.dll when the browser encounters a set of nested OBJECT tags which triggers a NULL dereference.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability. (See MS06-021 (KB916281))

Products

Microsoft Corporation

Internet Explorer

6.0

References

Security Tracker: 1016291
Bugtraq ID: 17658 17820
Secunia Advisory ID: 19762
CVE ID: 2006-1992 (see also: NVD) 2006-2218 (see also: NVD)
SCIP VulDB ID: 2186 2292
CERT VU: 338828
Microsoft Knowledge Base Article: 916281
VUPEN Advisory: ADV-2006-2319
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0261.html
Other Advisory URL: http://secunia.com/secunia_research/2006-41/advisory
Microsoft Security Bulletin: MS06-021

Credit

Secunia Research - -
Andreas Sandblad - assecunia.com - Secunia Research
Michal Zalewski - lcamtufdione.ids.pl - Personal page

Direct URL: http://osvdb.org/27475