Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2766 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

4 documents4 sources

Severity

2.6LOWNVD

EPSS

70.2%

top 1.32%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedJun 2

Latest updateMay 1

Description

Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer6.0, 7.0+1

▶NVDmicrosoft/ie6.0

🔴Vulnerability Details

GHSA

GHSA-rvw9-67wj-9wpj: Buffer overflow in INETCOMM↗2022-05-01

▶

CVEList

CVE-2006-2766: Buffer overflow in INETCOMM↗2006-06-02

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)↗2006-05-31

▶