Vulnerabilities > CVE-2006-1245 - Buffer Overflow vulnerability in Microsoft IE 6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description MS Internet Explorer (HTML Tag) Memory Corruption (MS06-013). CVE-2006-1185,CVE-2006-1186,CVE-2006-1188,CVE-2006-1189,CVE-2006-1190,CVE-2006-1191,CVE-2006-11... id EDB-ID:1838 last seen 2016-01-31 modified 2006-05-27 published 2006-05-27 reporter Thomas Waldegger source https://www.exploit-db.com/download/1838/ title Microsoft Internet Explorer HTML Tag Memory Corruption MS06-013 description Microsoft Internet Explorer 5.0.1 Script Action Handler Buffer Overflow Vulnerability. CVE-2006-1245. Dos exploit for windows platform id EDB-ID:27433 last seen 2016-02-03 modified 2006-03-16 published 2006-03-16 reporter Michal Zalewski source https://www.exploit-db.com/download/27433/ title Microsoft Internet Explorer 5.0.1 Script Action Handler Buffer Overflow Vulnerability
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS06-013.NASL |
| description | The remote host is missing IE Cumulative Security Update 912812. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21210 |
| published | 2006-04-11 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21210 |
| title | MS06-013: Cumulative Security Update for Internet Explorer (912812) |
Oval
accepted 2014-02-24T04:00:17.520-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Anna Min organization BigFix, Inc name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:1451 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE5 Multiple Event Handler Memory Corruption (Win2K) version 71 accepted 2014-02-24T04:00:20.333-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Preeti Subramanian organization SecPod Technologies name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:1569 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE6 Multiple Event Handler Memory Corruption (Win2K/XP,SP1) version 73 accepted 2011-05-16T04:01:23.719-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:1599 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE6 Multiple Event Handler Memory Corruption (WinXP) version 69 accepted 2011-05-16T04:01:28.219-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:1632 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE6 Multiple Event Handler Memory Corruption (Server 2003) version 68 accepted 2011-05-16T04:01:45.678-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." family windows id oval:org.mitre.oval:def:1766 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE6 Multiple Event Handler Memory Corruption (Server 2003,SP1) version 68
References
- http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html
- http://secunia.com/advisories/18957
- http://secunia.com/advisories/19269
- http://securitytracker.com/id?1015794
- http://www.kb.cert.org/vuls/id/984473
- http://www.osvdb.org/23964
- http://www.securityfocus.com/archive/1/428810/100/0/threaded
- http://www.securityfocus.com/archive/1/453436/100/0/threaded
- http://www.securityfocus.com/archive/1/453554/100/0/threaded
- http://www.securityfocus.com/bid/17131
- http://www.us-cert.gov/cas/techalerts/TA06-101A.html
- http://www.vupen.com/english/advisories/2006/1318
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25292
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766