EIP-2026-115703

PRE-CVE

Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-115703. PoCs published by Berend-Jan Wever.

AI-analyzed exploit summary This exploit leverages a JavaScript for-loop vulnerability in Internet Explorer 6.0 (SP1) to trigger a denial of service (DoS) by causing the browser to crash. The invalid for statement syntax disrupts the rendering engine, leading to instability.

Description

Microsoft Internet Explorer 6 - JavaScript Null Pointer Exception Denial of Service

Exploits (1)

exploitdb WORKING POC VERIFIED

by Berend-Jan Wever · textdoswindows

https://www.exploit-db.com/exploits/24267

View Code ZIP pw:eip

This exploit leverages a JavaScript for-loop vulnerability in Internet Explorer 6.0 (SP1) to trigger a denial of service (DoS) by causing the browser to crash. The invalid for statement syntax disrupts the rendering engine, leading to instability.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer 6.0 (SP1)

No auth needed

Prerequisites: Target must be using Internet Explorer 6.0 (SP1) · JavaScript must be enabled in the browser

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026