CVE-2006-3605

Microsoft Internet Explorer 6 - Denial of Service via RevealTrans Transition Property

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3605. PoCs published by hdm.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by triggering a crash via an ActiveX object manipulation. The PoC uses the 'DXImageTransform.Microsoft.RevealTrans.1' object to cause the browser to crash when a button is clicked.

Description

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hdm · textdoswindows

https://www.exploit-db.com/exploits/28213

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by triggering a crash via an ActiveX object manipulation. The PoC uses the 'DXImageTransform.Microsoft.RevealTrans.1' object to cause the browser to crash when a button is clicked.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2006-3605)

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX must be enabled in Internet Explorer

MITRE ATT&CK