CVE-2006-4219

Microsoft IE - Denial of Service

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4219. PoCs published by nop.

AI-analyzed exploit summary This exploit leverages a memory corruption vulnerability in the 'tsuserex.dll' COM object ActiveX control in Microsoft Internet Explorer. By instantiating the vulnerable COM object via a malicious HTML page, an attacker can execute arbitrary code in the context of the logged-in user.

Description

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nop · htmlremotewindows

https://www.exploit-db.com/exploits/28400

View Code ZIP pw:eip

This exploit leverages a memory corruption vulnerability in the 'tsuserex.dll' COM object ActiveX control in Microsoft Internet Explorer. By instantiating the vulnerable COM object via a malicious HTML page, an attacker can execute arbitrary code in the context of the logged-in user.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer on Windows Server 2003 SP1

No auth needed

Prerequisites: Victim must visit a malicious web page or open a malicious HTML email · Vulnerable version of Internet Explorer and Windows Server 2003

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →