CVE-2006-7206

Microsoft Internet Explorer 6 - Denial of Service via ADODB.Recordset NextRecordset Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7206. PoCs published by anonymous.

AI-analyzed exploit summary This exploit leverages a double-free vulnerability in Microsoft Internet Explorer's ADODB.Recordset (msado15.dll) via the NextRecordset() function. It uses heap spraying and Lookaside remapping to achieve remote code execution, launching calc.exe as a proof of concept.

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · htmlremotewindows

https://www.exploit-db.com/exploits/3577

View Code ZIP pw:eip

This exploit leverages a double-free vulnerability in Microsoft Internet Explorer's ADODB.Recordset (msado15.dll) via the NextRecordset() function. It uses heap spraying and Lookaside remapping to achieve remote code execution, launching calc.exe as a proof of concept.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Microsoft Internet Explorer (pre-SP2 and SP2)

No auth needed

Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_misc

http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27532

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28066

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19227

Scores

EPSS 0.2209

EPSS Percentile 97.4%

Details

Status published

Products (1)

microsoft/internet_explorer 6

Published Jun 22, 2007

Tracked Since Feb 18, 2026