CVE-2006-7066

Microsoft Internet Explorer 6 and 7.0.6000.16473 - Denial of Service via Orphaned Object Property Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7066. PoCs published by hdm.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by creating an orphaned object and manipulating its properties, leading to a browser crash.

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hdm · textdoswindows

https://www.exploit-db.com/exploits/28301

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service vulnerability in Microsoft Internet Explorer by creating an orphaned object and manipulating its properties, leading to a browser crash.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2006-7066)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK