Microsoft Windows shlwapi.dll Malformed HTML Tag Handling Null Pointer DoS

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.

Synopsis :

It is possible to crash the remote web client.

Description :

The remote host is running a version of the shlwapi.dll which crashes
when processing a malformed HTML form.

An attacker may use this flaw to prevent the users of this host from
working properly.

To exploit this flaw, an attacker would need to send a malformed HTML
file to the remote user, either by email or by making the user visit a
rogue website.

Solution :


Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.9
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11583 ()

Bugtraq ID: 7402


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now