CVE-2006-2218 - Unspecified vulnerability in Microsoft Internet Explorer 6.0

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 6.0	1
OS	Microsoft Microsoft Windows XP *	1

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS06-021.NASL
description	The remote host is missing the IE cumulative security update 916281. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen	2020-06-01
modified	2020-06-02
plugin id	21685
published	2006-06-13
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21685
title	MS06-021: Cumulative Security Update for Internet Explorer (916281)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(21685); script_version("1.43"); script_cvs_date("Date: 2018/11/15 20:50:30"); script_cve_id( "CVE-2006-1626", "CVE-2006-1303", "CVE-2006-2218", "CVE-2006-2382", "CVE-2006-2383", "CVE-2006-2384", "CVE-2006-2385" ); script_bugtraq_id(17404, 17820, 18303, 18309, 18320, 18321, 18328); script_xref(name:"CERT", value:"136849"); script_xref(name:"CERT", value:"417585"); script_xref(name:"CERT", value:"338828"); script_xref(name:"MSFT", value:"MS06-021"); script_xref(name:"MSKB", value:"916281"); script_name(english:"MS06-021: Cumulative Security Update for Internet Explorer (916281)"); script_summary(english:"Determines the presence of update 912812"); script_set_attribute(attribute:"synopsis", value: "Arbitrary code can be executed on the remote host through the web client."); script_set_attribute(attribute:"description", value: "The remote host is missing the IE cumulative security update 916281. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-021"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for Windows 2000, XP and 2003."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(20, 94, 119, 200); script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/03"); script_set_attribute(attribute:"patch_publication_date", value:"2006/06/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl"); script_require_keys("SMB/MS_Bulletin_Checks/Possible"); script_require_ports(139, 445, 'Host/patch_management_checks'); exit(0); } include("audit.inc"); include("smb_hotfixes_fcheck.inc"); include("smb_hotfixes.inc"); include("smb_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible"); bulletin = 'MS06-021'; kb = '916281'; kbs = make_list(kb); if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE); get_kb_item_or_exit("SMB/Registry/Enumerated"); get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1); if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN); rootfile = hotfix_get_systemroot(); if (!rootfile) exit(1, "Failed to get the system root."); share = hotfix_path2share(path:rootfile); if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share); if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Mshtml.dll", version:"6.0.3790.536", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.2", sp:1, file:"Mshtml.dll", version:"6.0.3790.2706", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:1, file:"Mshtml.dll", version:"6.0.2800.1555", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mshtml.dll", version:"6.0.2900.2912", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"6.0.2800.1555", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) \|\| hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"5.0.3841.1900", dir:"\system32", bulletin:bulletin, kb:kb) ) { set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE); hotfix_security_hole(); hotfix_check_fversion_end(); exit(0); } else { hotfix_check_fversion_end(); audit(AUDIT_HOST_NOT, 'affected'); }

Oval

accepted

2011-05-16T04:00:17.644-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

family

windows

id

oval:org.mitre.oval:def:1078

status

accepted

submitted

2006-06-14T09:55:00.000-04:00

title

Exception Handling Memory Corruption Vulnerability (S03,SP1)

version

68

accepted

2011-05-16T04:01:40.535-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Jonathan Baker
organization The MITRE Corporation
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

family

windows

id

oval:org.mitre.oval:def:1728

status

accepted

submitted

2006-06-14T09:55:00.000-04:00

title

Exception Handling Memory Corruption Vulnerability (WinS03)

version

68

accepted

2014-02-24T04:00:23.098-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

family

windows

id

oval:org.mitre.oval:def:1765

status

accepted

submitted

2006-06-14T09:55:00.000-04:00

title

Exception Handling Memory Corruption Vulnerability (2K/XP)

version

71

accepted

2011-05-16T04:01:46.326-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

family

windows

id

oval:org.mitre.oval:def:1768

status

accepted

submitted

2006-06-14T09:55:00.000-04:00

title

Exception Handling Memory Corruption Vulnerability (XP,SP2)

version

69

accepted

2014-02-24T04:00:24.392-05:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Anna Min
organization BigFix, Inc
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

family

windows

id

oval:org.mitre.oval:def:1845

status

accepted

submitted

2006-06-14T09:55:00.000-04:00

title

Exception Handling Memory Corruption Vulnerability (Win2k)

version

71

accepted

2011-05-16T04:02:10.263-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

family

windows

id

oval:org.mitre.oval:def:1961

status

accepted

submitted

2006-06-14T09:55:00.000-04:00

title

Exception Handling Memory Corruption Vulnerability(64-bit XP)

version

68

Vulnerabilities > CVE-2006-2218 - Unspecified vulnerability in Microsoft Internet Explorer 6.0

Summary

Vulnerable Configurations

Nessus

Oval

References