ID CVE-2006-3357
Summary Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
References
Vulnerable Configurations
  • Microsoft Internet Explorer 6.0
    cpe:2.3:a:microsoft:ie:6.0
CVSS
Base: 7.5 (as of 06-07-2006 - 17:51)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS06-046.NASL
description The remote host contains a version of the HTML Help ActiveX control that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit this web page.
last seen 2019-02-21
modified 2018-11-15
plugin id 22188
published 2006-08-08
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=22188
title MS06-046: Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
oval via4
accepted 2011-05-09T04:01:09.767-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP1 (32-bit) is installed
    oval oval:org.mitre.oval:def:1
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
description Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
family windows
id oval:org.mitre.oval:def:13
status accepted
submitted 2006-08-11T12:53:40
title Buffer Overrun in HTML Help Vulnerability
version 68
refmap via4
bid 18769
bugtraq 20060808 TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability
cert TA06-220A
cert-vn VU#159220
misc
ms MS06-046
osvdb 26835
sectrack 1016434
secunia 20906
vupen
  • ADV-2006-2634
  • ADV-2006-2635
xf ie-hhctrl-bo(27573)
Last major update 07-03-2011 - 21:38
Published 06-07-2006 - 16:05
Last modified 18-10-2018 - 12:47