Microsoft Internet Explorer 6 - Nested OBJECT Tag Memory Corruption

Author: Michal Zalewski
type: dos
platform: windows
port: 
date_added: 2006-04-22 
date_updated: 2013-08-21 
verified: 1 
codes: CVE-2006-1992;OSVDB-24966 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/17658/info

Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content.

An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly vulnerable to this issue; other versions may also be affected.

perl -e '{print "<STYLE></STYLE>\n<OBJECT>\nBork\n"x32}' >test.html