Vulnerability Description
Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 6.0 |
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | sp1 |
| Microsoft | Windows Nt | 4.0 |
| Microsoft | Windows Xp | All versions |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.htmlExploit
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html
- http://www.securityfocus.com/bid/15268Exploit
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0673.htmlExploit
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0127.html
- http://www.securityfocus.com/bid/15268Exploit
FAQ
What is CVE-2005-4717?
CVE-2005-4717 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash...
How severe is CVE-2005-4717?
CVE-2005-4717 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4717?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer, Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Nt.