CVE-2006-0187

Microsoft Visual Studio .NET - Remote Code Execution via Malicious Project File

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-0187. PoCs published by priestmaster, anonymous.

AI-analyzed exploit summary The provided text describes a vulnerability in Microsoft Visual Studio 2005 where project files can execute arbitrary code without user notification. This is a design flaw that can be exploited remotely via malicious project files.

Description

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.

Exploits (2)

exploitdb WRITEUP VERIFIED
by priestmaster · textremotewindows
https://www.exploit-db.com/exploits/27073

The provided text describes a vulnerability in Microsoft Visual Studio 2005 where project files can execute arbitrary code without user notification. This is a design flaw that can be exploited remotely via malicious project files.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Microsoft Visual Studio 2005
No auth needed
Prerequisites: User interaction to open a malicious project file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · perlremotewindows
https://www.exploit-db.com/exploits/27072

This exploit targets a vulnerability in Microsoft Internet Explorer via the Msdds.dll COM object (CVE-2006-0187). It uses a heap spray technique to execute arbitrary shellcode, resulting in a bind shell on port 28876.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 6 SP2 (Windows XP SP2)
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24116
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16225
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18409
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/421943/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0151

Scores

EPSS 0.1890
EPSS Percentile 96.9%

Details

Status published
Products (1)
microsoft/visual_studio_.net 2005
Published Jan 12, 2006
Tracked Since Feb 18, 2026