CVE-2006-3591

Microsoft Internet Explorer 6 - Denial of Service via Uninitialized TriEditDocument Object

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3591. PoCs published by hdm.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by triggering a crash via an ActiveX object manipulation. The PoC uses the 'TriEditDocument.TriEditDocument' ActiveX object with a malformed URL to cause the browser to crash.

Description

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hdm · textdoswindows

https://www.exploit-db.com/exploits/28207

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by triggering a crash via an ActiveX object manipulation. The PoC uses the 'TriEditDocument.TriEditDocument' ActiveX object with a malformed URL to cause the browser to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2006-3591)

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX controls must be enabled in Internet Explorer

MITRE ATT&CK