CVE-2006-3510 Information

Description

The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen then triggers a buffer over-read.

Reference

http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html http://www.osvdb.org/26955 http://www.securityfocus.com/bid/18900 http://www.vupen.com/english/advisories/2006/2718 https://exchange.xforce.ibmcloud.com/vulnerabilities/27621 ie-rdsdatacontrol-url-dos(27621)