Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ie | Microsoft | 5.1 (including) | 5.1 (including) |
| Ie | Microsoft | 5.2.3 (including) | 5.2.3 (including) |
| Ie | Microsoft | 6-windows_server_2003_sp1 (including) | 6-windows_server_2003_sp1 (including) |
| Internet_explorer | Microsoft | 5.1 (including) | 5.1 (including) |
| Internet_explorer | Microsoft | 5.01-sp4 (including) | 5.01-sp4 (including) |
| Internet_explorer | Microsoft | 5.5 (including) | 5.5 (including) |
| Internet_explorer | Microsoft | 5.5-preview (including) | 5.5-preview (including) |
| Internet_explorer | Microsoft | 5.5-sp1 (including) | 5.5-sp1 (including) |
| Internet_explorer | Microsoft | 5.5-sp2 (including) | 5.5-sp2 (including) |
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
| Internet_explorer | Microsoft | 6.0.2900.2180 (including) | 6.0.2900.2180 (including) |