CVE-2006-7066
CVE-2006-7066
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/28301unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/bugtraq/2009-07/0193.htmlhttp://blogs.securiteam.com/index.php/archives/554http://browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/28068http://websecurity.com.ua/3130/http://www.osvdb.org/27533http://www.securityfocus.com/bid/19228