I'm writing this to you with my Mozilla browser, because IE just
crashed on the exploit of the bug at
<http://vibrantlogic.com/new.html> whose entire page source is these
five lines:
<html>
<form>
<input type crash>
</form>
</html>
Details follow.
-~^~-
"Description:
A vulnerability identified in a library included in Windows XP and
Internet Explorer version 4.0 and newer can be exploited to cause a
DoS (Denial of Service) on certain applications.
The vulnerability is caused due to a NULL pointer dereference bug in
Microsoft Shell Light-Weight Utility Library ("shlwapi.dll"). A
malicious person can exploit the vulnerability by constructing a
special HTML document, which will crash applications using the
vulnerable library.
Reportedly, the vulnerability can be exploited to crash all of the
following applications:
- Windows Explorer
- Internet Explorer
- Outlook
- Outlook Express
- Frontpage
Solution:
There is no immediate solution available.
If this is regarded as a serious risk, then don't view untrusted HTML
documents. Use another browser that isn't linked to the vulnerable
library when surfing the Internet.