Vulnerabilities > CVE-2006-3899 - Unspecified vulnerability in Microsoft Internet Explorer 6.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

exploit available

NVD

Published: 2006-07-27

Updated: 2021-12-13

Summary

Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 6.0	3
OS	Microsoft Microsoft Windows XP -	1

Exploit-Db

description	Microsoft Internet Explorer 6.0 String To Binary Function Denial Of Service Vulnerability. CVE-2006-3899 . Dos exploit for windows platform
id	EDB-ID:28252
last seen	2016-02-03
modified	2006-07-20
published	2006-07-20
reporter	hdm
source	https://www.exploit-db.com/download/28252/
title	Microsoft Internet Explorer 6.0 String To Binary Function Denial of Service Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References