CVE-2006-3729

Internet Explorer 6 - Denial of Service via OWC11.DataSourceControl.11 getDataMemberName Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3729. PoCs published by hdm.

AI-analyzed exploit summary This exploit triggers a denial-of-service vulnerability in Internet Explorer by creating an ActiveX object and calling a method with a specific invalid argument, causing the browser to crash.

Description

DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hdm · textdoswindows

https://www.exploit-db.com/exploits/28244

View Code ZIP pw:eip

This exploit triggers a denial-of-service vulnerability in Internet Explorer by creating an ActiveX object and calling a method with a specific invalid argument, causing the browser to crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer 6 SP2

No auth needed

Prerequisites: ActiveX enabled in Internet Explorer · OWC11.DataSourceControl.11 ActiveX object registered

MITRE ATT&CK