CVE-2007-0612

Microsoft IE - Denial of Service

Title source: rule

Description

Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexander Sotirov · htmldoswindows

https://www.exploit-db.com/exploits/29536

View Code ZIP pw:eip

References (8)

[Third Party Advisory] http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/458443/100/0/threaded

[Third Party Advisory, VDB Entry] http://osvdb.org/32628

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31867

[Third Party Advisory] http://securityreason.com/securityalert/2199

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html

[Exploit] http://www.securityfocus.com/bid/22288

[Various Sources] http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html

Scores

EPSS 0.5387

EPSS Percentile 98.0%

Details

Status published

Products (7)

microsoft/ie 5.0_ta3

microsoft/ie 6.0 sp1

microsoft/ie 7.0

microsoft/internet_explorer 5.0.1 (3 CPE variants)

microsoft/internet_explorer 5.5

microsoft/internet_explorer 6.0

microsoft/internet_explorer 7.0 beta1 (2 CPE variants)

Published Jan 31, 2007

Tracked Since Feb 18, 2026