Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1992: Microsoft Internet Explorer vulnerability

CWE-399 | 5 documents | 3 sources
Severity
9.3 CRITICAL NVD
NVD 2.6
EPSS
55.6%
top 1.91%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Apr 25
Latest update: May 1

Description

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

CVSS vector

AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9

Affected Packages (1 package)

NVD: microsoft/internet_explorer 6.0, 6.0.2900 (+1)

Patches

🔴 Vulnerability Details

2
GHSA
GHSA-37wg-v9p2-chv7: Unspecified vulnerability in Internet Explorer 6 (2022-05-01)
GHSA
GHSA-2p75-6997-4j6p: mshtml (2022-05-01)

💥 Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption (2006-04-22)