Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6659Microsoft IE vulnerability

5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
24.3%
top 3.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedDec 20
Latest updateMay 1

Description

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/ie7.0

🔴Vulnerability Details

2
GHSA
GHSA-fq94-vv2j-8hwc: The Microsoft Office Outlook Recipient ActiveX control (ole322022-05-01
CVEList
CVE-2006-6659: The Microsoft Office Outlook Recipient ActiveX control (ole322006-12-20

💥Exploits & PoCs

2
Exploit-DB
Microsoft Office Outlook Recipient Control - 'ole32.dll' Denial of Service2006-12-18
Exploit-DB
Microsoft Outlook - ActiveX Control Remote Internet Explorer Denial of Service2006-12-18
CVE-2006-6659 — Microsoft IE vulnerability | cvebase