CVE-2006-3899
Published 2006-07-27
CVE-2006-3899: Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary…
Priority P4 · 21 · medium · 5 · CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 24.27% (97.6th percentile)
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
GHSA
GHSA-m53r-x65q-r823 · CVE-2006-7206 [LOW] · ghsa_unreviewed · 2022-05-01 · CVSS 2.6
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
GHSA
GHSA-cmmc-r884-f54q · CVE-2006-3899 [MEDIUM] · ghsa_unreviewed · 2022-05-01
No detection rules found.
No writeups or analysis indexed.
http://browserfun.blogspot.com/2006/07/mobb-21-cenroll-stringtobinary.html
http://www.osvdb.org/27230
http://www.securityfocus.com/bid/19102
http://www.vupen.com/english/advisories/2006/2916
https://exchange.xforce.ibmcloud.com/vulnerabilities/27884