CVE-2006-7066

Sažetak

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Reference

http://blogs.securiteam.com/index.php/archives/554
http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html
http://www.securityfocus.com/bid/19228
http://www.osvdb.org/27533
http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html
http://websecurity.com.ua/3130/
https://exchange.xforce.ibmcloud.com/vulnerabilities/28068

CVSS

Base:	7.1
Impact:	6.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

13-12-2021 - 18:58

Objavljeno

02-03-2007 - 21:18