[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-1992Date: (C)2006-04-24   (M)2023-12-22


mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.6
Exploit Score: 4.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1016001
SECTRACK-1016291
BID-17658
SECUNIA-19762
http://www.securityfocus.com/archive/1/431796/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0616.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045422.html
OSVDB-27475
SREASON-781
ADV-2006-1507
MS06-021
ie-object-memory-corruption(25978)

CWE    1
CWE-399

© SecPod Technologies