Intrusion Prevention



This indicates an attack attempt against a Denial of Service in Microsoft Internet Explorer.
The vulnerability is due to a NULL pointer dereference error in the Microsoft DirectAnimation Structured Graphics control ("daxctle.ocx") when handling a specially crafted "SourceURL" parameter. This bug can be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a malicious web page.

Affected Products

Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1, SP2


Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References