| Vulnerability Name: | CVE-2005-4717 (CCN-25284) | ||||||||
| Assigned: | 2005-11-01 | ||||||||
| Published: | 2005-11-01 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Nov 01 2005 - 11:00:49 CST new IE bug (confirmed on ALL windows) Source: FULLDISC Type: Exploit 20051101 new IE bug (confirmed on ALL windows) Source: CCN Type: Full-Disclosure Mailing List, Fri Nov 04 2005 - 17:33:29 CST RE: [Full-disclosure] new IE bug (confirmed on ALL windows) Source: FULLDISC Type: UNKNOWN 20051104 RE: new IE bug (confirmed on ALL windows) Source: MITRE Type: CNA CVE-2005-4717 Source: CCN Type: OSVDB ID: 20886 Microsoft IE Unspecified Margin/Padding Null Pointer Dereference DoS Source: BID Type: Exploit 15268 Source: CCN Type: BID-15268 Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability Source: XF Type: UNKNOWN ie-html-css-dos(25284) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||