CVE-2006-6659

Microsoft Office Outlook Recipient ActiveX - DoS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6659. PoCs published by shinnai.

AI-analyzed exploit summary: This exploit demonstrates a denial-of-service vulnerability in the Microsoft Office Outlook Recipient Control (ole32.dll) by embedding an ActiveX control in an HTML page. When the control is enabled and the user attempts to close Internet Explorer, it triggers a DoS condition.

Description

The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.

Exploits (2)

exploitdb WORKING POC VERIFIED
by shinnai · html · dos · windows
https://www.exploit-db.com/exploits/29295

This exploit demonstrates a denial-of-service vulnerability in the Microsoft Office Outlook Recipient Control (ole32.dll) by embedding an ActiveX control in an HTML page. When the control is enabled and the user attempts to close Internet Explorer, it triggers a DoS condition.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Office Outlook Recipient Control (ole32.dll) on Windows XP Professional SP2 with Internet Explorer 6 & 7
No auth needed
Prerequisites: User interaction to enable the ActiveX control in Internet Explorer
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by shinnai · html · dos · windows
https://www.exploit-db.com/exploits/2946

This exploit triggers a Denial of Service (DoS) in Microsoft Office Outlook by embedding an ActiveX control (clsid:0006F023-0000-0000-C000-000000000046) in an HTML page. When the control is enabled and the user attempts to close Internet Explorer, the application crashes.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Office Outlook (ole32.dll) on Windows XP SP2 with Internet Explorer 6 & 7
No auth needed
Prerequisites: User interaction to enable the ActiveX control and close the browser
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21649
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017397

Scores

EPSS 0.1620
EPSS Percentile 96.5%

Details

Status published
Products (3)
microsoft/ie 7.0
microsoft/outlook
microsoft/windows_xp
Published Dec 20, 2006
Tracked Since Feb 18, 2026