CVE-2006-6827

Macromedia Flash 8 - Denial of Service via Long String in Flash8b.AllowScriptAccess

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6827. PoCs published by shinnai.

AI-analyzed exploit summary This exploit triggers a Denial of Service (DoS) in Macromedia Flash 8 by passing an excessively long string to the `AllowScriptAccess` property via VBScript in Internet Explorer. The vulnerability causes the Flash ActiveX control to crash due to improper handling of the input.

Description

Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by shinnai · htmldoswindows
https://www.exploit-db.com/exploits/3041

This exploit triggers a Denial of Service (DoS) in Macromedia Flash 8 by passing an excessively long string to the `AllowScriptAccess` property via VBScript in Internet Explorer. The vulnerability causes the Flash ActiveX control to crash due to improper handling of the input.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Macromedia Flash 8 (Flash8b.ocx) in Internet Explorer
No auth needed
Prerequisites: Internet Explorer with Flash8b.ocx installed · VBScript enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21818
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31156
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3041

Scores

EPSS 0.0326
EPSS Percentile 86.7%

Details

Status published
Products (4)
macromedia/flash_player 8.0
macromedia/flash_player 8.0.22.0
macromedia/flash_player 8.0.24.0
macromedia/flash_player 8.0.33.0
Published Dec 31, 2006
Tracked Since Feb 18, 2026