CVE-2006-3899

Microsoft Internet Explorer 6.0 - Denial of Service via CEnroll ActiveX stringToBinary Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3899. PoCs published by hdm.

AI-analyzed exploit summary This exploit leverages a denial-of-service vulnerability in Microsoft Internet Explorer by using the ActiveXObject 'CEnroll.CEnroll.2' to trigger a buffer overflow via an excessively long string. The PoC crashes the application by exploiting improper bounds-checking in the 'stringToBinary' method.

Description

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hdm · textdoswindows

https://www.exploit-db.com/exploits/28252

View Code ZIP pw:eip

This exploit leverages a denial-of-service vulnerability in Microsoft Internet Explorer by using the ActiveXObject 'CEnroll.CEnroll.2' to trigger a buffer overflow via an excessively long string. The PoC crashes the application by exploiting improper bounds-checking in the 'stringToBinary' method.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2006-3899)

No auth needed

Prerequisites: ActiveX enabled in Internet Explorer · User interaction to execute the script

MITRE ATT&CK