https://cxsecurity.com/issue/WLB-2007100113
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-343

MicrosoftInternetExplorer是一款流行的WEB浏览程序。MSIE在处理部分DHTML对象时存在问题，远程程攻击者可以利用这个漏洞构建恶意WEB页面，诱使用户访问，可导致浏览器崩溃。当攻击者构建包含畸形’AnchorClick’连接的DHTML页面(如指定文件夹来代替HREF属性，并指定值为空)，诱使目标用户访问，IE浏览器就会崩溃，问题应该是由于尝试访问NULL指针而引起的异常错误。

Affected product : IE 6.0 Sp1

Vendor Status : the issue will be solved in the next service pack

Description :

Internet explorer can be crashed  by clicking on a specially crafted link .
The problem is in the AnchorClick DHTML behaviour of the A ( link )
object . With this behaviour you can specify a Folder instead of using the
href attribute . If you leave this field blank , upon clicking on the link
internet explorer will crash with an access violation when trying to write
to a null pointer . You can test this issue by clicking the link on this
page

http://usuarios.lycos.es/actualidad21/ie_URL_behaviour.html

-- 
Regards ,

David F. Madrid
Madrid , Spain

来源:XF
名称:ie-anchorclick-dos(11946)
链接:http://xforce.iss.net/xforce/xfdb/11946
来源:BID
名称:7502
链接:http://www.securityfocus.com/bid/7502
来源:BUGTRAQ
名称:20030505CrashinInternetExplorer6.0Sp1
链接:http://www.securityfocus.com/archive/1/320544
来源:SREASON
名称:3292
链接:http://securityreason.com/securityalert/3292
来源：NSFOCUS
名称：4787
链接：http://www.nsfocus.net/vulndb/4787