[原文]Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
Microsoft IE DXImageTransform.Microsoft.Gradient Multiple Property Overflow
Remote / Network Access
Denial of Service,
Loss of Integrity,
Loss of Availability
A remote overflow exists in Internet Explorer. A specialy crafted HTML page using client-side script with the ActiveX object "DXImageTransform.Microsoft.Gradient.1" could cause the browser to crash, and potentially lead to arbitrary code execution. This is due to MSIE failing to handle large values in the "StartColorStr" and "EndColorStr" properties of the ActiveX object resulting in a stack overflow.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.