Exploit

EDB-ID: 27727	Author: Michal Zalewski	Published: 2006-04-22
CVE: CVE-2006-1992	Type: Dos	Platform: Windows
Aliases: N/A	Advisory/Source: Link	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/17658/info

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content.

An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly vulnerable to this issue; other versions may also be affected.

perl -e '{print "<STYLE></STYLE>\n<OBJECT>\nBork\n"x32}' >test.html

Related Exploits

Trying to match CVEs (1): CVE-2006-1992
Trying to match OSVDBs (1): 24966
Other Possible E-DB Search Terms: Microsoft Internet Explorer 6, Microsoft Internet Explorer

Date	Title	Author
2006-09-21	Microsoft Internet Explorer (Windows XP SP1) - (VML) Remote Buffer Overflow	Trirat Putt...
2005-01-12	Microsoft Internet Explorer - '.ANI' Remote Stack Overflow (MS05-002) (2)	Skylined
2006-03-23	Microsoft Internet Explorer - 'createTextRang' Download Shellcode Exploit (1)	ATmaCA
2005-03-09	Microsoft Internet Explorer - 'mshtml.dll' CSS Parsing Buffer Overflow	Arabteam2000
2010-01-22	Microsoft Internet Explorer - 'wshom.ocx' (Run) ActiveX Remote Code Execution (Add Admin)	Stack
2010-01-16	Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution	germaya_x a...
2006-09-20	Microsoft Internet Explorer - (VML) Remote Buffer Overflow	nop
2006-09-19	Microsoft Internet Explorer - (VML) Remote Denial of Service (PoC)	Shirkdog
2005-04-12	Microsoft Internet Explorer - DHTML Object Memory Corruption	Skylined
2005-05-31	Microsoft Internet Explorer - JavaScript 'window()' Crash	Benjamin Franz
2009-01-09	Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service	Skylined
2006-08-21	Microsoft Internet Explorer - Multiple COM Object Color Property Denial of Service	nop
2005-05-31	Microsoft Internet Explorer - Multiple Stack Overflows Crash	Benjamin Franz
2004-12-28	Microsoft Internet Explorer - Remote Code Execution with Parameters (PoC)	ShredderSub7
2010-09-20	Microsoft Internet Explorer - Unsafe Scripting Misconfiguration (Metasploit)	Metasploit
2008-12-28	Microsoft Internet Explorer - XML Parsing Buffer Overflow	Jeremy Brown
2005-07-15	Microsoft Internet Explorer / MSN - ICC Profiles Crash (PoC)	Edward Gagnon
2004-12-21	Microsoft Internet Explorer / MSN - Memory_Access_Violation Denial of Service	Emmanouel K...
2017-05-03	Microsoft Internet Explorer 11 - 'CMarkup::DestroySplayTree' Use-After-Free	Marcin Ressel
2015-06-08	Microsoft Internet Explorer 11 - Crash (PoC) (2)	Pawel Wylecial
2014-11-10	Microsoft Internet Explorer 11 - Denial of Service	Behrooz Abb...
2016-11-28	Microsoft Internet Explorer 11 - MSHTML 'CGeneratedContent::HasGeneratedSVGMarker' Type Confusion	Skylined
2016-11-02	Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free	Skylined
2016-04-15	Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free	Marcin Ressel
2015-12-09	Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR	Marcin Ressel

Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption

Related Exploits