QwikSec

Security Database

CVE

CWE

Training

CVE-2006-7066

Published: Feb 27, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20090725 DoS vulnerabilities in Internet Explorer

mailing-list

x_refsource_BUGTRAQ

http://websecurity.com.ua/3130/

x_refsource_MISC

vdb-entry

x_refsource_BID

http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html

x_refsource_MISC

ie-deleted-frame-dos(28068)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

http://blogs.securiteam.com/index.php/archives/554

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.