Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3354Microsoft IE vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
39.4%
top 2.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJul 6
Latest updateMay 1

Description

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer6 versions+5
NVDmicrosoft/ie6, 6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-q62f-6v8q-fwc9: Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB2022-05-01
CVEList
CVE-2006-3354: Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB2006-07-06

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 6 - ADODB.Recordset Filter Property Denial of Service2006-07-03
CVE-2006-3354 — Microsoft IE vulnerability | cvebase