Intrusion Prevention

MS.IE.Font.Tag.DoS

Description

This indicates a possible exploit of a Font tag denial of service vulnerability in Microsoft Internet Explorer.
A vulnerability is reported in Microsoft Internet Explorer that may allow an attacker to crash the browser when encountering and rendering certain font tags. This is due to the browser's failure to handle conditions such as certain font tags, a vertical-align style declaration that specifies any property except baseline and a tag which modifies the text style (ie: strong, em, code?). To exploit this, an attacker may specially craft a malicious web page and convince a victim to open it. Internet Explorer, and all instances of Internet Explorer that are spawned from the instance used to view the malicious page, will crash once the malicious web page is clicked.

Affected Products

Microsoft Internet Explorer 6.0 SP2 and earlier versions.

Impact

Denial of Service.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.