ID CVE-2006-2766
Summary Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:7.0:beta2:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:P
oval via4
accepted 2006-10-16T15:58:40.809-04:00
class vulnerability
contributors
name Robert L. Hollis
organization ThreatGuard, Inc.
definition_extensions
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
description Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
family windows
id oval:org.mitre.oval:def:441
status accepted
submitted 2006-08-11T12:53:40
title MHTML Parsing Vulnerability
version 67
refmap via4
bid 18198
bugtraq
  • 20060531 Internet explorer Vulnerbility
  • 20060601 RE: Internet explorer Vulnerbility
  • 20060601 Re: Internet explorer Vulnerbility
cert TA06-220A
cert-vn VU#891204
ms MS06-043
osvdb 25949
sectrack 1016654
secunia 20384
vupen ADV-2006-2088
xf ie-mhtml-mid-bo(26810)
vulnerable_product via4
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:7.0:beta2:*:*:*:*:*:*
Last major update 18-10-2018 - 16:41
Published 02-06-2006 - 10:18
Back to Top