Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 6.0.2600 | 6.0.2600 |
| Internet_explorer | Microsoft | 6.00.2462.0000 | 6.00.2462.0000 |
| Internet_explorer | Microsoft | 6.00.2479.0006 | 6.00.2479.0006 |
| Internet_explorer | Microsoft | 6.0 | 6.0 |
| Internet_explorer | Microsoft | 6.0.2800 | 6.0.2800 |
| Internet_explorer | Microsoft | 6.0.2800.1106 | 6.0.2800.1106 |
| Internet_explorer | Microsoft | 6.0.2900 | 6.0.2900 |
| Internet_explorer | Microsoft | 6.00.2600.0000 | 6.00.2600.0000 |
| Internet_explorer | Microsoft | 6.00.2800.1106 | 6.00.2800.1106 |
| Internet_explorer | Microsoft | 6.0.2900.2180 | 6.0.2900.2180 |
| Internet_explorer | Microsoft | 7.0.5730 | 7.0.5730 |
| Internet_explorer | Microsoft | 7.0 | 7.0 |
| Internet_explorer | Microsoft | 7.0 | 7.0 |
| Internet_explorer | Microsoft | 7.0.5730.11 | 7.0.5730.11 |
| Internet_explorer | Microsoft | 6.00.2900.2180 | 6.00.2900.2180 |
| Internet_explorer | Microsoft | 6.00.3663.0000 | 6.00.3663.0000 |
| Internet_explorer | Microsoft | 6.00.3718.0000 | 6.00.3718.0000 |
| Internet_explorer | Microsoft | 6.00.3790.0000 | 6.00.3790.0000 |
| Internet_explorer | Microsoft | 6.00.3790.1830 | 6.00.3790.1830 |
| Internet_explorer | Microsoft | 6.00.3790.3959 | 6.00.3790.3959 |
| Internet_explorer | Microsoft | 7.0 | 7.0 |
| Internet_explorer | Microsoft | 7.0 | 7.0 |
| Internet_explorer | Microsoft | 7.0 | 7.0 |
| Internet_explorer | Microsoft | 7.00.5730.1100 | 7.00.5730.1100 |
| Internet_explorer | Microsoft | 7.00.6000.16386 | 7.00.6000.16386 |
| Internet_explorer | Microsoft | 7.00.6000.16441 | 7.00.6000.16441 |