Intrusion Prevention

MS.IE.Nested.OBJECT.Tag.Handling.Remote.Memory.Corruption

Description

This indicates a possible attempt to exploit a Denial of Service vulnerability in Microsoft Internet Explorer.
The vulnerability appears when using nested "OBJECT" tags, which can trigger invalid pointer dererences, including NULL dereferences, leading to a Denial of Service condition or the execution of arbitrary code.

Affected Products

Microsoft Internet Explorer 6.0 SP2.

Impact

System Compromise.
Denial of service.

Recommended Actions

Microsoft has released a security update that fixes this vulnerability.
http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx

CVE References

CVE-2006-1992