CVE-2007-0612 Information

Description

Multiple ActiveX controls in Microsoft Windows 2000 XP 2003 and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor fgColor linkColor alinkColor vlinkColor or defaultCharset properties in the (1) giffile (2) htmlfile (3) jpegfile (4) mhtmlfile (5) ODCfile (6) pjpegfile (7) pngfile (8) xbmfile (9) xmlfile (10) xslfile or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll which cause a NULL pointer dereference.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html http://osvdb.org/32628 http://securityreason.com/securityalert/2199 http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html http://www.securityfocus.com/archive/1/458443/100/0/threaded http://www.securityfocus.com/bid/22288 https://exchange.xforce.ibmcloud.com/vulnerabilities/31867