Microsoft Internet Explorer 'li' Element DoS Vulnerability - Sep09 Network Vulnerability

Summary

This host has Internet Explorer installed and is prone to Denial of Service vulnerability.

Impact

Successful exploitation could allow remote attackers can cause the application to crash. Impact Level: Application

Solution

Upgrade to Internet Explorer version 8 or 8 beta 2 http://www.microsoft.com/windows/internet-explorer/default.aspx

Insight

Error exists when application fails to handle a crafted JavaScript code, that calls 'createElement' to create an instance of the 'li' element, and then calls 'setAttribute' to set the value attribute.

Affected

Microsoft, Internet Explorer version 6.x on Windows XP SP2/SP3

References

http://downloads.securityfocus.com/vulnerabilities/exploits/36070-1.html
http://downloads.securityfocus.com/vulnerabilities/exploits/36070-3.txt
https://connect.microsoft.com/IE/feedback/ViewFeedback.aspx?FeedbackID=338599

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-3019
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apple Safari Malformed URI Remote DoS Vulnerability (Win)
Denial Of Service Vulnerability in PHP April-09
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Linux)
Django Forms Library Algorithmic Complexity Vulnerability
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability

Take action and discover your vulnerabilities