GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Severe fuckup in IE and other Micro$uc$ products

Kenneth K · 05-05-2003, 06:18 AM

A vulnerability identified in a library included in Windows XP and Internet Explorer version 4.0 and newer can be exploited to cause a DoS (Denial of Service) on certain applications.

The vulnerability is caused due to a NULL pointer dereference bug in Microsoft Shell Light-Weight Utility Library ("shlwapi.dll"). A malicious person can exploit the vulnerability by constructing a special HTML document, which will crash applications using the vulnerable library.

An example was provided in the original advisory:

(html)
(form)
(input type crash)
(/form)
(/html)

Read the full buginfo here:
http://www.secunia.com/advisories/8642/

05-05-2003, 06:18 AM
Kenneth K Confirmed User Join Date: Jan 2003 Location: 123Content.com, Denmark Posts: 459	Severe fuckup in IE and other Micro$uc$ products A vulnerability identified in a library included in Windows XP and Internet Explorer version 4.0 and newer can be exploited to cause a DoS (Denial of Service) on certain applications. The vulnerability is caused due to a NULL pointer dereference bug in Microsoft Shell Light-Weight Utility Library ("shlwapi.dll"). A malicious person can exploit the vulnerability by constructing a special HTML document, which will crash applications using the vulnerable library. An example was provided in the original advisory: (html) (form) (input type crash) (/form) (/html) Read the full buginfo here: http://www.secunia.com/advisories/8642/ __________________ 123 Content - Formerly known as 1st Content \| ICQ: 128732055