CVE-2006-3944

Microsoft Internet Explorer 6 - Denial of Service via ListWidth Property Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3944. PoCs published by hdm.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by triggering a NULL dereference via the 'Forms.ListBox.1' ActiveX object. The PoC crashes the browser when the 'ListWidth' property is set to an invalid value.

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hdm · textdoswindows

https://www.exploit-db.com/exploits/28258

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by triggering a NULL dereference via the 'Forms.ListBox.1' ActiveX object. The PoC crashes the browser when the 'ListWidth' property is set to an invalid value.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2006-3944)

No auth needed

Prerequisites: Victim must visit a malicious webpage · ActiveX controls must be enabled

MITRE ATT&CK