Vulnerabilities > CVE-2004-2434 - Denial-Of-Service vulnerability in Microsoft IE 6.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
microsoft
exploit available

Summary

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Exploit-Db

descriptionMS Internet Explorer Remote Null Pointer Crash (mshtml.dll). CVE-2004-2434. Dos exploit for windows platform
idEDB-ID:376
last seen2016-01-31
modified2004-08-04
published2004-08-04
reporterN/A
sourcehttps://www.exploit-db.com/download/376/
titleMicrosoft Internet Explorer Remote Null Pointer Crash mshtml.dll