Intrusion Prevention

MS.IE.Nested.OBJECT.Tag.Handling.Memory.Corruption

Description

Indicates a possible attempt at exploiting a bug in Microsoft Internet Explorer which leads to a denial of service (crash) or the execution of arbitrary code. The vulnerability is found when using nested OBJECT tags, which can trigger invalid pointer dererences including NULL dereferences.

Affected Products

Microsoft Internet Explorer 6.0 SP2.

Impact

System compromise or Denial of service.

Recommended Actions

Microsoft has released a security update that fixes this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

CVE References

CVE-2006-1992