Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1359Code Injection in Microsoft IE

CWE-94Code Injection9 documents5 sources
Severity
9.3CRITICALNVD
EPSS
87.6%
top 0.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedMar 23
Latest updateMay 1

Description

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/ie6.0, 7.0+1

🔴Vulnerability Details

3
GHSA
GHSA-43v5-w42f-65jx: Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain crea2022-05-01
CVEList
CVE-2006-1359: Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain crea2006-03-23
VulnCheck
Microsoft Internet Explorer Improper Control of Generation of Code ('Code Injection')2006

💥Exploits & PoCs

5
Exploit-DB
Microsoft Internet Explorer - 'createTextRange()' Code Execution (MS06-013) (Metasploit)2010-09-20
Exploit-DB
Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)2006-05-27
Exploit-DB
Microsoft Internet Explorer - 'createTextRang' Remote (Metasploit)2006-04-01
Exploit-DB
Microsoft Internet Explorer - 'createTextRang' Download Shellcode (2)2006-03-31
Exploit-DB
Microsoft Internet Explorer - 'createTextRang' Remote Code Execution2006-03-23
CVE-2006-1359 — Code Injection in Microsoft IE | cvebase