Summary
The host has Microsoft Internet Explorer installed, which is prone to denial of service vulnerability.
Impact
Successful exploitation will cause the application to stop responding and denying the service to legitimate users.
Impact Level : Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
For updates refer to http://windows.microsoft.com/en-us/internet-explorer/download-ie
Insight
Due to errors while handling PNG files, CDwnTaskExec::ThreadExec enters into an infinite loop while loading images which causes the browser to crash. This can be exploited by enticing victim to visit a malicious web page embedded with rouge PNG files.
Affected
Microsoft Internet Explorer 7.x and 8 Beta on Windows
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2008-4127 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Denial of Service vulnerability in AVG Anti-Virus (Linux)
- Firefly MediaServer HTTP Header Multiple DoS Vulnerabilities
- Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
- AyeView GIF Image Handling Denial of Service Vulnerability
- ClamAV LZH File Unpacking Denial of Service Vulnerability (Win)