Microsoft Internet Explorer 'IFRAME' Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Internet Explorer and is prone to Denial Of Service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service. Impact Level: Apllication

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to improper handling of an 'IFRAME' element with a mailto: URL in its 'SRC' attribute, which allows remote attackers to consume resources via an HTML document with many 'IFRAME' elements.

Affected

Microsoft Internet Explorer version 6.0.2900.2180, 8.0.7600.16385, and 7.0.5730.13 prior.

References

http://websecurity.com.ua/4206/
http://www.securityfocus.com/archive/1/archive/1/511327/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1991
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Denial of Service (DoS) in Microsoft SMS Client
ClamAV LZH File Unpacking Denial of Service Vulnerability (Linux)
Firefly MediaServer HTTP Header Multiple DoS Vulnerabilities
Apple Safari Denial of Service Vulnerability (Win) - Apr09
Apache Subversion 'mod_dav_svn' Module Multiple DoS Vulnerabilities

Take action and discover your vulnerabilities