Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3944Microsoft IE vulnerability

4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
43.0%
top 2.51%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedJul 31
Latest updateMay 1

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-q369-5x9g-9m5c: Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms2022-05-01
CVEList
CVE-2006-3944: Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms2006-07-31

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 6 - Multiple Object ListWidth Property Denial of Service Vulnerabilities2006-07-23
CVE-2006-3944 — Microsoft IE vulnerability | cvebase