CVE-2006-1359

EXPLOITED

Microsoft Internet Explorer <7 - RCE/DoS

Exploitation Summary

CVE-2006-1359 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including Metasploit, Randy Flood, and ATmaCA, among them the Metasploit module exploits/windows/browser/ms06_013_createtextrange.

AI-analyzed exploit summary: This is a Metasploit module exploiting CVE-2006-1359, a memory corruption vulnerability in Internet Explorer 6 and 7 (Beta 2) via the createTextRange() method. It uses heap spraying to achieve remote code execution on Windows XP SP2.

Description

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

Exploits (6)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16578

This is a Metasploit module exploiting CVE-2006-1359, a memory corruption vulnerability in Internet Explorer 6 and 7 (Beta 2) via the createTextRange() method. It uses heap spraying to achieve remote code execution on Windows XP SP2.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6.0.3790.0 and 7.0.5229.0
No auth needed
Prerequisites: Victim must visit a malicious webpage · Target must be using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Randy Flood · remote · windows
https://www.exploit-db.com/exploits/1620

This is a Metasploit module exploiting CVE-2006-1359, a code execution vulnerability in Internet Explorer 6 and 7 via the createTextRange() method. It uses heap spraying to achieve remote code execution on Windows XP SP2.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6.0.3790.0, 7.0.5229.0
No auth needed
Prerequisites: Victim must visit a malicious webpage · JavaScript must be enabled in the target browser
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by ATmaCA · c++ · remote · windows
https://www.exploit-db.com/exploits/1628

This exploit leverages a heap spraying technique to achieve remote code execution in Microsoft Internet Explorer 6.x and 7 Beta 2 via the 'createTextRange' vulnerability. It generates a malicious HTML file that, when opened, triggers the exploit and executes shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6.x & 7 Beta 2
No auth needed
Prerequisites: Victim must open the generated HTML file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by darkeagle · html · remote · windows
https://www.exploit-db.com/exploits/1606

This exploit leverages a heap spray technique to overwrite EIP in Internet Explorer 6.x and IE7 Beta 2, executing shellcode (calc.exe) via a JavaScript-based memory corruption vulnerability. The PoC fills heap memory with NOPs and shellcode to redirect execution flow.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Racy
Target: Microsoft Internet Explorer 6.x, IE7 Beta 2
No auth needed
Prerequisites: Victim must visit a malicious webpage · Sufficient RAM (tested with 192MB+) · Unpatched IE 6.x or IE7 Beta 2
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
html · dos · windows
https://www.exploit-db.com/exploits/1838

This is a proof-of-concept exploit for CVE-2006-1359, which targets a vulnerability in Internet Explorer. The exploit uses malformed HTML tags to trigger a denial-of-service condition.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Internet Explorer
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 19, 2026

metasploit WORKING POC NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms06_013_createtextrange.rb

This Metasploit module exploits a memory corruption vulnerability in Microsoft Internet Explorer (CVE-2006-1359) via the createTextRange() method, leading to arbitrary code execution. It uses heap spraying to achieve reliability and targets IE6 and IE7 on Windows XP SP2.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Internet Explorer 6.0.3790.0 and 7.0.5229.0 on Windows XP SP2
No auth needed
Prerequisites: Victim must visit a malicious webpage · Target must be using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026

References (28)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17196
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429088/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429124/30/6120/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1050
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/876678
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24050
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-101A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18680
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2006-7/advisory/
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25379
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015812
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/428441
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/428600/100/0/threaded
Third Party Advisory, US Government Resource third-party-advisory government-resource x_refsource_ciac
http://www.ciac.org/ciac/bulletins/q-154.shtml
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1318
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/428583/100/0/threaded

Scores

EPSS 0.8760
EPSS Percentile 99.5%

Details

VulnCheck KEV: 2006-04-11
CWE: CWE-94
Status: published
Products (3):
- microsoft/ie 6.0 sp1 (2 CPE variants)
- microsoft/ie 7.0 beta_2
- microsoft/internet_explorer 6.0
Published: Mar 23, 2006
Tracked Since: Feb 18, 2026