Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-7066Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
7.1HIGHNVD
EPSS
36.0%
top 2.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMar 2
Latest updateMay 1

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-7jhv-xq3r-8h9q: Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, d2022-05-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 6 - Deleted Frame Object Denial of Service2006-07-29
CVE-2006-7066 — Microsoft vulnerability | cvebase