Intrusion Prevention

MS.IE.ADODB.Recordset.Filter.DoS

Description

This indicates an attempt to exploit a denial of service vulnerability in Microsoft Internet Explorer
The vulnerability is a result of a NULL pointer dereference error in the Microsoft Data Access ActiveX "msado15.dll" object. It can be triggered by a specially crafted "ADODB.Recordset Filter Property". It can be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a malicious web page.

Affected Products

Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Impact

Denial of service.

Recommended Actions

As of August 25 2006, Fortinet is unaware of any vendor supplied patches for this issue. If you have more recent information, please contact us at vulnwatch AT fortinet.com.
Users should never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.
Disable the execution of script code or active content in your web browser. Disabling scripting and active content in the Internet Zone may limit exposure to this and other vulnerabilities.

CVE References

CVE-2006-3354