ID CVE-2006-2218
Summary Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. Failed exploit attempts will likely crash the affected application.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 18-10-2018 - 16:38)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2011-05-16T04:00:17.644-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
    family windows
    id oval:org.mitre.oval:def:1078
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Exception Handling Memory Corruption Vulnerability (S03,SP1)
    version 67
  • accepted 2011-05-16T04:01:40.535-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
    family windows
    id oval:org.mitre.oval:def:1728
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Exception Handling Memory Corruption Vulnerability (WinS03)
    version 67
  • accepted 2014-02-24T04:00:23.098-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
    family windows
    id oval:org.mitre.oval:def:1765
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Exception Handling Memory Corruption Vulnerability (2K/XP)
    version 70
  • accepted 2011-05-16T04:01:46.326-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
    family windows
    id oval:org.mitre.oval:def:1768
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Exception Handling Memory Corruption Vulnerability (XP,SP2)
    version 68
  • accepted 2014-02-24T04:00:24.392-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
    family windows
    id oval:org.mitre.oval:def:1845
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Exception Handling Memory Corruption Vulnerability (Win2k)
    version 70
  • accepted 2011-05-16T04:02:10.263-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
    family windows
    id oval:org.mitre.oval:def:1961
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Exception Handling Memory Corruption Vulnerability(64-bit XP)
    version 67
refmap via4
bid 17820
bugtraq 20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability
cert TA06-164A
cert-vn VU#338828
misc http://secunia.com/secunia_research/2006-41/advisory
ms MS06-021
osvdb 27475
sectrack 1016291
secunia 19762
vupen ADV-2006-2319
Last major update 18-10-2018 - 16:38
Published 05-05-2006 - 12:46
Back to Top