QwikSec

Security Database

CVE

CWE

Training

CVE-2006-7206

Published: Jun 22, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with a long string argument, which causes an "invalid memory access" in the SysFreeString function, a different issue than CVE-2006-3510 and CVE-2006-3899.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://browserfun.blogspot.com/2006/07/mobb-29-adodbrecordset-nextrecordset.html

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

ie-adodbrecordset-dos(28066)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.