Vulnerabilities > CVE-2006-2766 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 |
Exploit-Db
description | Microsoft Windows XP/2000/2003 MHTML URI Buffer Overflow Vulnerability. CVE-2006-2766 . Dos exploit for windows platform |
id | EDB-ID:27930 |
last seen | 2016-02-03 |
modified | 2006-05-31 |
published | 2006-05-31 |
reporter | Mr.Niega |
source | https://www.exploit-db.com/download/27930/ |
title | Microsoft Windows XP/2000/2003 MHTML URI Buffer Overflow Vulnerability |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-043.NASL |
description | The remote host is running a version of Microsoft Outlook Express that contains a security flaw that could allow an attacker to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to send a malformed HTML email to a victim on the remote host and have him open it. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22185 |
published | 2006-08-08 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22185 |
title | MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214) |
code |
|
Oval
accepted | 2006-10-16T15:58:40.809-04:00 | ||||||||||||||||
class | vulnerability | ||||||||||||||||
contributors |
| ||||||||||||||||
definition_extensions |
| ||||||||||||||||
description | Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. | ||||||||||||||||
family | windows | ||||||||||||||||
id | oval:org.mitre.oval:def:441 | ||||||||||||||||
status | accepted | ||||||||||||||||
submitted | 2006-08-11T12:53:40 | ||||||||||||||||
title | MHTML Parsing Vulnerability | ||||||||||||||||
version | 70 |
References
- http://www.securityfocus.com/archive/1/435616/100/0/threaded
- http://www.securityfocus.com/archive/1/435609/100/0/threaded
- http://www.securityfocus.com/bid/18198
- http://secunia.com/advisories/20384
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.kb.cert.org/vuls/id/891204
- http://securitytracker.com/id?1016654
- http://www.osvdb.org/25949
- http://www.vupen.com/english/advisories/2006/2088
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26810
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A441
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-043
- http://www.securityfocus.com/archive/1/435492/100/0/threaded