Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4717

4 documents4 sources

Severity

5.0MEDIUM

EPSS

17.5%

top 4.91%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE Microsoft Internet Explorer Microsoft Windows 2003 Server +1 more

Timeline

PublishedDec 31

Latest updateMay 1

Description

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDmicrosoft/windows_2003_serversp1

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/internet_explorer6.0

▶NVDmicrosoft/ie6.0

🔴Vulnerability Details

GHSA

GHSA-fmx8-cmcw-gqrw: Microsoft Internet Explorer 6↗2022-05-01

▶

CVEList

CVE-2005-4717: Microsoft Internet Explorer 6↗2006-02-15

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 6 - Malformed HTML Parsing Denial of Service (1)↗2005-11-01

▶