Microsoft Internet Explorer FONT tags denial of service
| ie-font-dos (17911) |  Medium Risk |
Description:
Microsoft Internet Explorer versions 6.0 running on Microsoft Windows XP and 6.0.2 running on Microsoft Windows 2000 are vulnerable to a denial of service attack. By creating a specially-crafted Web page containing certain FONT tags and a vertical-align style declaration that specifies any property, except baseline, a remote attacker can cause Internet Explorer to crash, once the Web page is visited. An attacker could exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to a potential victim as an HTML email.
Consequences:
Denial of Service
Remedy:
No remedy available as of July 9, 2011.
References:
- Jehiah Czebotar Web site: IE vertical-align:top vulnerability.
- BID-11536: Microsoft Internet Explorer Font Tag Denial Of Service Vulnerability
Platforms Affected:
- Microsoft Internet Explorer 6.0 SP2
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Internet Explorer 6.0
Reported:
Oct 26, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net