VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2011

Description

A single ampersand (&) in an XML Ref href causes msxml3.dll to crash Internet Explorer 6.0.2600.0 upon page refresh.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

A parsing error in msxml3.dll (version 8.10.8308.0) within Internet Explorer 6.0.2600.0 causes a denial-of-service crash when processing a malformed XML Ref href link containing a single & character. The crash occurs specifically on page refresh due to missing portions of the URI or incomplete parsing of the ampersand. The vulnerable component is the msxml3.dll module at offset `000b8c10`. [1]

Exploitation

An attacker can host a malicious XML file (e.g., at a URL such as http://theinsider.deep-ice.com/xmlcrash.xml) containing the crafted Ref element. The victim only needs to open the page and then refresh it. No authentication, special privileges, or user interaction beyond clicking refresh is required. The crash is triggered during the XML parsing phase after the page reloads. [1]

Impact

Successful exploitation causes Internet Explorer to crash, resulting in a denial of service. The browser becomes unresponsive or closes, potentially causing loss of unsaved data. No code execution, privilege escalation, or data disclosure is achieved; the impact is limited to availability. [1]

Mitigation

No official patch or fix from Microsoft was found in the available references for CVE-2004-2011. Users can avoid opening untrusted XML links or disable scripting and ActiveX controls in Internet Explorer as a workaround, though the most effective mitigation is to upgrade to a newer browser version not affected by this msxml3.dll parsing issue. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • (no CPE) range: 6.0.2600.0

Patches

0

No patches discovered yet.

References

2
