CVE-2006-1992

Internet Explorer - Denial of Service via Nested OBJECT Tags

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1992. PoCs published by Michal Zalewski.

AI-analyzed exploit summary This exploit leverages a memory corruption vulnerability in Microsoft Internet Explorer by using nested OBJECT tags in HTML content. The provided Perl one-liner generates a malicious HTML file that can crash the browser or potentially execute arbitrary code.

Description

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Michal Zalewski · textdoswindows
https://www.exploit-db.com/exploits/27727

This exploit leverages a memory corruption vulnerability in Microsoft Internet Explorer by using nested OBJECT tags in HTML content. The provided Perl one-liner generates a malicious HTML file that can crash the browser or potentially execute arbitrary code.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: Microsoft Internet Explorer 6 on Windows XP SP2
No auth needed
Prerequisites: Victim must open the malicious HTML file in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (12)

Core 12
Core References
Mailing List mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/781
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016001
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016291
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431796/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/27475
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1507
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19762
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25978
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17658

Scores

EPSS 0.4043
EPSS Percentile 98.5%

Details

CWE
CWE-399
Status published
Products (1)
microsoft/internet_explorer 6.0.2900
Published Apr 25, 2006
Tracked Since Feb 18, 2026