Vulnerability Name: | CVE-2006-1992 (CCN-25978) | ||||||||
Assigned: | 2006-04-23 | ||||||||
Published: | 2006-04-23 | ||||||||
Updated: | 2021-07-23 | ||||||||
Summary: | mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. Note: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
| ||||||||
Vulnerability Type: | CWE-399 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Sat Apr 22 2006 - 18:30:03 CDT MSIE (mshtml.dll) OBJECT tag vulnerability Source: CCN Type: Full-Disclosure Mailing List, Sat Apr 22 2006 - 18:30:03 CDT MSIE (mshtml.dll) OBJECT tag vulnerability Source: FULLDISC Type: UNKNOWN 20060422 Re: MSIE (mshtml.dll) OBJECT tag vulnerability Source: MITRE Type: CNA CVE-2006-1992 Source: FULLDISC Type: UNKNOWN 20060423 MSIE (mshtml.dll) OBJECT tag vulnerability Source: CCN Type: SA19762 Internet Explorer Exception Handling Memory Corruption Vulnerability Source: SECUNIA Type: Patch, Vendor Advisory 19762 Source: SREASON Type: UNKNOWN 781 Source: CCN Type: SECTRACK ID: 1016001 Microsoft Internet Explorer Bug in Processing Nested OBJECT Tags Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: Exploit 1016001 Source: CCN Type: SECTRACK ID: 1016291 Microsoft Internet Explorer Multiple Memory and Access Control Errors Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: Patch 1016291 Source: CCN Type: Microsoft Corporation Web site MS06-021: Cumulative security update for Internet Explorer Source: OSVDB Type: UNKNOWN 27475 Source: CCN Type: OSVDB ID: 24966 Microsoft IE object Tag Memory Corruption Arbitrary Code Execution Source: CCN Type: OSVDB ID: 27475 Microsoft IE Nested Objects Exception Handler Unspecified Memory Corruption Source: BUGTRAQ Type: UNKNOWN 20060422 MSIE (mshtml.dll) OBJECT tag vulnerability Source: BID Type: Exploit 17658 Source: CCN Type: BID-17658 Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption Vulnerability Source: VUPEN Type: Vendor Advisory ADV-2006-1507 Source: MS Type: UNKNOWN MS06-021 Source: XF Type: UNKNOWN ie-object-memory-corruption(25978) Source: XF Type: UNKNOWN ie-object-memory-corruption(25978) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |