Lucene search

[email protected]CVE-2006-7206

HistoryJun 22, 2007 - 12:30 a.m.

CVE-2006-7206

2007-06-2200:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-7206

microsoft internet explorer

windows xp

denial of service

adodb.recordset

remote attack

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.195 Low

EPSS

Percentile

96.2%

JSON

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an “invalid memory access” in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq6

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	6

References

browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html

www.osvdb.org/27532

www.securityfocus.com/bid/19227

exchange.xforce.ibmcloud.com/vulnerabilities/28066

6.8 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.195 Low

EPSS

Percentile

96.2%

JSON

Related for CVE-2006-7206

cve2 checkpoint_advisories1