Microsoft Windows shlwapi.dll Malformed HTML Tag Handling Null Pointer DoS
Medium Nessus Plugin ID 11583
SynopsisIt is possible to crash the remote web client.
DescriptionThe remote host is running a version of the shlwapi.dll which crashes when processing a malformed HTML form.
An attacker may use this flaw to prevent the users of this host from working properly.
To exploit this flaw, an attacker would need to send a malformed HTML file to the remote user, either by email or by making the user visit a rogue website.