Microsoft Windows shlwapi.dll Malformed HTML Tag Handling Null Pointer DoS

medium Nessus Plugin ID 11583

Synopsis

It is possible to crash the remote web client.

Description

The remote host is running a version of the shlwapi.dll which crashes when processing a malformed HTML form.

An attacker may use this flaw to prevent the users of this host from working properly.

To exploit this flaw, an attacker would need to send a malformed HTML file to the remote user, either by email or by making the user visit a rogue website.

Solution

None

Plugin Details

Severity: Medium

ID: 11583

File Name: shlwapi_dll_dos.nasl

Version: 1.19

Type: local

Agent: windows

Family: Windows

Published: 5/6/2003

Updated: 8/8/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Excluded KB Items: SMB/samba

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/21/2003

Reference Information

BID: 7402

Detections

Analytics