CVE-2006-1992
Published 2006-04-25
Priority: P413 · Severity: low · CVSS 2.0: 2.6
CVSS 2.0 vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 40.43% (98.5th percentile)
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCs (extracted from sources)
- Detect HTML content containing deeply nested OBJECT tags, which is the trigger for the invalid pointer dereference in mshtml.dll.
- Monitor for IE6 process crashes (iexplore.exe) originating from mshtml.dll, particularly when processing HTML email, newsgroup postings, or web pages containing nested OBJECT tags.
- Microsoft has confirmed this issue is non-exploitable for code execution; crash/DoS is the realistic impact.
- Exploit attempts are expected to result in application crash rather than arbitrary code execution.
GHSA
GHSA-37wg-v9p2-chv7: Unspecified vulnerability in Internet Explorer 6
ghsa_unreviewed·2022-05-01·CVSS 2.6
CVE-2006-2218 [LOW] GHSA-37wg-v9p2-chv7: Unspecified vulnerability in Internet Explorer 6
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
GHSA
GHSA-2p75-6997-4j6p: mshtml
ghsa_unreviewed·2022-05-01
CVE-2006-1992 [LOW] GHSA-2p75-6997-4j6p: mshtml
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html
- http://secunia.com/advisories/19762
- http://securityreason.com/securityalert/781
- http://securitytracker.com/id?1016001
- http://securitytracker.com/id?1016291
- http://www.osvdb.org/27475
- http://www.securityfocus.com/archive/1/431796/100/0/threaded
- http://www.securityfocus.com/bid/17658
- http://www.vupen.com/english/advisories/2006/1507
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25978