CVE-2006-1992

Severity

26%

Complexity

49%

Confidentiality

48%

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P).

Overview

First reported 19 years ago

2006-04-25 01:02:00

Last updated 6 years ago

2018-10-18 16:37:00

Affected Software

Microsoft Internet Explorer 6.0.2900

6.0.2900

References

20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability

20060423 MSIE (mshtml.dll) OBJECT tag vulnerability

19762

Patch, Vendor Advisory

781

1016001

Exploit

1016291

Patch

27475

20060422 MSIE (mshtml.dll) OBJECT tag vulnerability

17658

Exploit

ADV-2006-1507

Vendor Advisory

MS06-021

ie-object-memory-corruption(25978)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.