CVE-2006-7206

Microsoft Internet Explorer - Denial of Service

Title source: rule

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · htmlremotewindows

https://www.exploit-db.com/exploits/3577

View Code ZIP pw:eip

References (4)

[Various Sources] http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/27532

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28066

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19227

Scores

EPSS 0.4893

EPSS Percentile 97.8%

Details

Status published

Products (1)

microsoft/internet_explorer 6

Published Jun 22, 2007

Tracked Since Feb 18, 2026