CVE-2007-0612: Null Pointer Dereference
First published: Wed Jan 31 2007(Updated: )
Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll; or the (12) TriEditDocument.TriEditDocument or (13) TriEditDocument.TriEditDocument.1 objects in (b) triedit.dll, which cause a NULL pointer dereference.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Microsoft Internet Explorer | =5.0_ta3 | |
| Microsoft Internet Explorer | =7.0 | |
| Internet Explorer | =5.0.1 | |
| Internet Explorer | =5.0.1-sp4 | |
| Internet Explorer | =5.0.1-sp1 | |
| Internet Explorer | =5.5 | |
| Internet Explorer | =6.0 | |
| Internet Explorer | =7.0-beta1 | |
| Internet Explorer | =7.0-beta2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052057.html
- http://www.determina.com/security.research/vulnerabilities/activex-bgcolor.html
- http://www.securityfocus.com/bid/22288
- http://securityreason.com/securityalert/2199
- http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0547.html
- http://osvdb.org/32628
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31867
- http://www.securityfocus.com/archive/1/458443/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-0612?
CVE-2007-0612 is rated as a denial of service vulnerability that can crash Internet Explorer.
How do I fix CVE-2007-0612?
To fix CVE-2007-0612, users should update their Internet Explorer to the latest version that has addressed this vulnerability.
Which versions of Internet Explorer are affected by CVE-2007-0612?
CVE-2007-0612 affects multiple versions of Internet Explorer including 5.0, 5.5, 6.0, and 7.0.
What type of attack does CVE-2007-0612 enable?
CVE-2007-0612 enables remote attackers to cause a denial of service by manipulating certain ActiveX properties.
Is CVE-2007-0612 exploitable over the internet?
Yes, CVE-2007-0612 can be exploited by remote attackers via specially crafted web content accessed through Internet Explorer.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- version/microsoft internet explorer/5.0_ta3
- version/microsoft internet explorer/7.0
- canonical/internet explorer
- version/internet explorer/5.0.1
- version/internet explorer/5.0.1-sp4
- version/internet explorer/5.0.1-sp1
- version/internet explorer/5.5
- version/internet explorer/6.0
- version/internet explorer/7.0-beta1
- version/internet explorer/7.0-beta2