CVE-2006-1359

Published: Mar 23, 2006Modified: Apr 16, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

Affected (4)

Products: Microsoft: Ie, Internet Explorer

Microsoft

2 products

Internet Explorer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1
Microsoft Ie	Version 6.0 sp2
Microsoft Ie	Version 7.0 beta_2
Microsoft Internet Explorer	Version 6.0

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (56)

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662.html

Source: secure@microsoft.com

http://secunia.com/advisories/18680

Source: secure@microsoft.com

Vendor Advisory

http://secunia.com/secunia_research/2006-7/advisory/

Source: secure@microsoft.com

http://securitytracker.com/id?1015812

Source: secure@microsoft.com

http://www.ciac.org/ciac/bulletins/q-154.shtml

Source: secure@microsoft.com

http://www.computerterrorism.com/research/ct22-03-2006

Source: secure@microsoft.com

Vendor Advisory

http://www.kb.cert.org/vuls/id/876678

Source: secure@microsoft.com

US Government Resource

http://www.microsoft.com/technet/security/advisory/917077.mspx

Source: secure@microsoft.com

http://www.osvdb.org/24050

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/428441

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/428583/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/428600/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/429088/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/429124/30/6120/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/17196

Source: secure@microsoft.com

Exploit

http://www.us-cert.gov/cas/techalerts/TA06-101A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2006/1050

Source: secure@microsoft.com

http://www.vupen.com/english/advisories/2006/1318

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/25379

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1178

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1657

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1678

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1702

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A985

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html