CVE-2006-7066 Information

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe deleting the frame by setting its location.href to about:blank then accessing a property of the object within the deleted frame which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Reference

http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.html http://blogs.securiteam.com/index.php/archives/554 http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html http://websecurity.com.ua/3130/ http://www.osvdb.org/27533 http://www.securityfocus.com/bid/19228 https://exchange.xforce.ibmcloud.com/vulnerabilities/28068