Title: Microsoft Office OWC11.DataSourceControl ActiveX getDataMemberName Method Handling NULL Dereference DoS Weakness
Jul 19, 2006
Microsoft Office contains a NULL pointer dereference flaw in the OWC11.DataSourceControl ActiveX control that is triggered when handling overly large values supplied as arguments to the getDataMemberName method. With a specially crafted web page instantiating the ActiveX control in e.g. Internet Explorer, a context-dependent attacker can crash the browser.
Loss of Availability
Not a Vulnerability
OSVDB is not currently aware of a solution for this vulnerability.