First published: Fri Jul 14 2006(Updated: )
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Internet Explorer | =6.0 | |
Internet Explorer | =6.0-sp1 | |
Internet Explorer | =6.0-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2006-3591 is classified as a denial of service vulnerability that can cause application crashes.
To mitigate CVE-2006-3591, users should upgrade to a newer version of Internet Explorer or apply any available security patches.
CVE-2006-3591 affects Internet Explorer 6.0, as well as 6.0 SP1 and 6.0 SP2.
CVE-2006-3591 is caused by accessing the URL property of an uninitialized TriEditDocument object, resulting in a NULL pointer dereference.
Remote attackers can exploit CVE-2006-3591 by triggering the application crash through malicious web content.