CVE-2006-1192

Microsoft Internet Explorer <6 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1192.

AI-analyzed exploit summary This exploit leverages malformed HTML tags to trigger a denial-of-service (DoS) condition in vulnerable browsers. The payload consists of improperly nested and unclosed HTML tags, which can cause parsing errors leading to crashes or resource exhaustion.

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.

Exploits (1)

exploitdb WORKING POC

htmldoswindows

https://www.exploit-db.com/exploits/1838

View Code ZIP pw:eip

This exploit leverages malformed HTML tags to trigger a denial-of-service (DoS) condition in vulnerable browsers. The payload consists of improperly nested and unclosed HTML tags, which can cause parsing errors leading to crashes or resource exhaustion.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Web browsers (specific versions not specified)

No auth needed

Prerequisites: A vulnerable browser version that mishandles malformed HTML

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (12)

Core 12

Core References

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17460

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/18957

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/670

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25557

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1318

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015899

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725

Scores

EPSS 0.2454

EPSS Percentile 96.3%

Details

CWE

CWE-20

Status published

Products (4)

canon/network_camera_server_vb101

microsoft/ie 5.01 windows_2000_sp4

microsoft/ie 6 (6 CPE variants)

microsoft/internet_explorer 6 sp1

Published Apr 11, 2006

Tracked Since Feb 18, 2026