First published: Tue Jul 11 2006(Updated: )
Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Internet Explorer | =6.0 | |
Internet Explorer | =6.0-sp1 | |
Internet Explorer | =6.0-sp2 | |
Microsoft Windows XP | =sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-3511 is classified as a denial-of-service vulnerability with a moderate severity level.
CVE-2006-3511 allows remote attackers to crash Internet Explorer 6 by exploiting a null dereference through the HtmlDlgSafeHelper object's fonts property.
CVE-2006-3511 affects Internet Explorer 6.0 and its service packs, specifically 6.0-sp1 and 6.0-sp2.
To mitigate CVE-2006-3511, consider upgrading to a more recent version of Internet Explorer or applying any security patches provided by Microsoft.
CVE-2006-3511 specifically affects Internet Explorer 6, but Windows XP SP2 itself is not directly vulnerable as it does not include the HtmlDlgSafeHelper object.