Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 5.01-sp2 (including) | 5.01-sp2 (including) |
| Internet_explorer | Microsoft | 5.01-sp3 (including) | 5.01-sp3 (including) |
| Internet_explorer | Microsoft | 5.01-sp4 (including) | 5.01-sp4 (including) |
| Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
| Internet_explorer | Microsoft | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Outlook | Microsoft | 2000-sp2 (including) | 2000-sp2 (including) |
| Outlook | Microsoft | 2000-sp3 (including) | 2000-sp3 (including) |
| Outlook | Microsoft | 2000-sp4 (including) | 2000-sp4 (including) |
| Windows_98 | Microsoft | - (including) | - (including) |
| Windows_98se | Microsoft | - (including) | - (including) |
| Windows_me | Microsoft | - (including) | - (including) |
| Windows_nt | Microsoft | 4.0-sp6 (including) | 4.0-sp6 (including) |
| Windows_nt | Microsoft | 4.0-sp6a (including) | 4.0-sp6a (including) |
| Windows_server_2003 | Microsoft | - (including) | - (including) |
| Windows_xp | Microsoft | - (including) | - (including) |
| Windows_xp | Microsoft | –sp1 (including) | –sp1 (including) |