CVE-2006-5162

Microsoft Internet Explorer <6.0 SP2 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5162. PoCs published by Firestorm.

AI-analyzed exploit summary This exploit triggers a stack overflow in wininet.dll by sending an excessively large Content-Type header (1.1M 'A's) to Internet Explorer, causing a crash (DoS). It sets up a local HTTP server to deliver the malicious response.

Description

wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Firestorm · perldoswindows

https://www.exploit-db.com/exploits/2039

View Code ZIP pw:eip

This exploit triggers a stack overflow in wininet.dll by sending an excessively large Content-Type header (1.1M 'A's) to Internet Explorer, causing a crash (DoS). It sets up a local HTTP server to deliver the malicious response.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (via wininet.dll)

No auth needed

Prerequisites: Perl environment · Local network access to target · Target must visit attacker-controlled URL

MITRE ATT&CK