Intrusion Prevention

MS.IE.TriEditDocument.URL.Property.NULL.Dereference

Description

This indicates an attack attempt against a denial of service vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by a NULL pointer dereference that can occur when processing a malformed TriEditDocument ActiveX object with the "URL" property set.
It allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.

Affected Products

Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the website.
http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

CVE References

CVE-2006-3591

Other References

27675