• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Shlwapi.dll Malformed HTML Form Tag Denial of Service Vulnerability

Bugtraq ID:	7402
Class:	Failure to Handle Exceptional Conditions
CVE:
Remote:	Yes
Local:	No
Published:	Apr 22 2003 12:00AM
Updated:	Apr 22 2003 12:00AM
Credit:	Discovery is credited to Ramon Pinuaga Cascales <rpinuaga@s21sec.com>.
Vulnerable:	Microsoft Shlwapi.dll 6.0.2800 .1106 + Microsoft FrontPage 2000 SR1 + Microsoft FrontPage 2000 SP2 + Microsoft FrontPage 2000 + Microsoft FrontPage 2002 SP1 + Microsoft FrontPage 2002 + Microsoft FrontPage 97 + Microsoft FrontPage 98 + Microsoft Internet Explorer 5.0.1 SP3 + Microsoft Internet Explorer 5.0.1 SP2 + Microsoft Internet Explorer 5.0.1 SP1 + Microsoft Internet Explorer 5.0.1 + Microsoft Internet Explorer 6.0 SP1 + Microsoft Internet Explorer 6.0 + Microsoft Internet Explorer 5.5 SP2 + Microsoft Internet Explorer 5.5 SP1 + Microsoft Internet Explorer 5.5 + Microsoft Internet Explorer 5.0 + Microsoft Windows .NET Datacenter Server Beta 3 + Microsoft Windows .NET Enterprise Server RC2 + Microsoft Windows .NET Enterprise Server Beta 3 + Microsoft Windows .NET Standard Server Beta 3 + Microsoft Windows .NET Web Server Beta 3 + Microsoft Windows 2000 Advanced Server SP3 + Microsoft Windows 2000 Advanced Server SP2 + Microsoft Windows 2000 Advanced Server SP1 + Microsoft Windows 2000 Advanced Server + Microsoft Windows 2000 Datacenter Server SP3 + Microsoft Windows 2000 Datacenter Server SP2 + Microsoft Windows 2000 Datacenter Server SP1 + Microsoft Windows 2000 Datacenter Server + Microsoft Windows 2000 Professional SP3 + Microsoft Windows 2000 Professional SP2 + Microsoft Windows 2000 Professional SP1 + Microsoft Windows 2000 Professional + Microsoft Windows 2000 Server SP3 + Microsoft Windows 2000 Server SP2 + Microsoft Windows 2000 Server SP1 + Microsoft Windows 2000 Server + Microsoft Windows 2000 Terminal Services SP3 + Microsoft Windows 2000 Terminal Services SP2 + Microsoft Windows 2000 Terminal Services SP1 + Microsoft Windows 2000 Terminal Services + Microsoft Windows ME + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home SP1 + Microsoft Windows XP Home + Microsoft Windows XP Professional SP1 + Microsoft Windows XP Professional
Not Vulnerable: