← back
CVE-2006-7206

CVE-2006-7206

EPSS 22.1%
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/3577unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/28066http://www.osvdb.org/27532http://www.securityfocus.com/bid/19227