Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2006-1992

Description

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

POC

Reference

- http://securityreason.com/securityalert/781

- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021

Github

No PoCs found on GitHub currently.