Intrusion Prevention



Microsoft Internet Explorer allows remote attackers to cause a denial of service by declaring the sourceURL attribute on an uninitialized DirectAnimation.StructuredGraphicsControl ActiveX Object. This flaw is due to a NULL pointer dereference error in the Microsoft DirectAnimation Structured Graphics control ("daxctle.ocx") when handling a specially crafted "SourceURL" parameter. This bug can be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a malicious web page.

Affected Products

Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1 ? SP2


Denial of service

Recommended Actions

As of August 25 2006, Fortinet is unaware of any vendor supplied patches for this issue. If you have more recent information, please contact us at vulnwatch AT
Users should never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.
Disable the execution of script code or active content in your web browser.
Disabling scripting and active content in the Internet Zone may limit exposure to this and other vulnerabilities.

CVE References