Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1992

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1992
Last Modified 20 Sep 2011 12:00:00
Published 24 Apr 2006 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1992

Summary

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

Vulnerable Systems

Application

  • Microsoft Ie 6.0.2900


References

MS - MS06-021

SECTRACK - 1016291

SECUNIA - 19762

XF - ie-object-memory-corruption(25978)

VUPEN - ADV-2006-1507

BID - 17658

BUGTRAQ - 20060422 MSIE (mshtml.dll) OBJECT tag vulnerability

OSVDB - 27475

SECTRACK - 1016001

SREASON - 781

FULLDISC - 20060423 MSIE (mshtml.dll) OBJECT tag vulnerability

FULLDISC - 20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability


Last Updated: 27 May 2016 10:42:16