Microsoft Internet Explorer 'findText()' Unicode Parsing DoS Vulnerability Network Vulnerability

Summary

This host has Internet Explorer installed and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause the application to crash. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to error in mshtml.dll file and it can causes while calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.

Affected

Microsoft, Internet Explorer version 7.x/8.x

Severity

Classification

CVE CVE-2009-2655
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Firefox XUL Parsing Denial of Service Vulnerability (Linux)
ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
EtherApe RPC Packet Processing Denial of Service Vulnerability
DoSable squid proxy server
Apache Subversion 'mod_dav_svn' log REPORT Request DoS Vulnerability

Take action and discover your vulnerabilities