Intrusion Prevention

MS.IE.HTML.Frameset.Memory.Corruption

Description

This indicates an attack attempt against a Memory Corruption vulnerability in Microsoft Internet Explorer.
The vulnerability is caused by an error when the vulnerable software fails to handle exceptional conditions in a proper manner. It allows a remote attacker to cause a Denial of Service condition via sending a crafted web page.

Affected Products

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=44A8C303-B46C-4CCE-8442-D8A1CF1561DC&displaylang=en
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=B6E09C27-CE26-494F-AD2A-6C9A8C72453F&displaylang=en
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?FamilyId=CDB85BCA-0C17-44AA-B74E-F01B5392BB31
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=D30209FA-9994-4F1B-B6D6-4BACC328135A&displaylang=en
Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?FamilyId=FFE108B8-05C9-4B5E-A8A4-042F49068972
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=5C2A23AC-3F2E-4BEC-BE16-4B45B44C6346
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=0CE7F66D-4D83-4090-A034-9BBE286D96FA

CVE References

CVE-2006-3637