Microsoft Windows shlwapi.dll Malformed HTML Tag Handling Null Pointer DoS

This script is Copyright (C) 2003-2015 Tenable Network Security, Inc.


Synopsis :

It is possible to crash the remote web client.

Description :

The remote host is running a version of the shlwapi.dll which crashes
when processing a malformed HTML form.

An attacker may use this flaw to prevent the users of this host from
working properly.

To exploit this flaw, an attacker would need to send a malformed HTML
file to the remote user, either by email or by making the user visit a
rogue website.

Solution :

None

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 11583 ()

Bugtraq ID: 7402

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now