CVE-2006-7066

2007-02-2718:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

High

0.203 Low

EPSS

Percentile

96.4%

JSON

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.

References

archives.neohapsis.com/archives/bugtraq/2009-07/0193.html

blogs.securiteam.com/index.php/archives/554

browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.html

websecurity.com.ua/3130/

www.osvdb.org/27533

www.securityfocus.com/bid/19228

exchange.xforce.ibmcloud.com/vulnerabilities/28068