Unrated severityNVD Advisory· Published Mar 2, 2007· Updated Jun 16, 2026
CVE-2006-7066
CVE-2006-7066
Description
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:sp2:*:*:*:*:*:*
- (no CPE)range: <=7.0.0.16473 (6 on XP SP2)
Patches
Vulnerability mechanics
References
7- www.securityfocus.com/bid/19228nvdExploitThird Party AdvisoryVDB Entry
- websecurity.com.ua/3130/nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/28068nvdThird Party AdvisoryVDB Entry
- archives.neohapsis.com/archives/bugtraq/2009-07/0193.htmlnvdBroken Link
- blogs.securiteam.com/index.php/archives/554nvdPermissions Required
- browserfun.blogspot.com/2006/07/mobb-30-orphan-object-properties.htmlnvdBroken Link
- www.osvdb.org/27533nvdBroken Link
News mentions
0No linked articles in our index yet.