cvelistv5 - cve-2006-2382

CVE-2006-2382 (GCVE-0-2006-2382)

Vulnerability from cvelistv5

Published

2006-06-13 19:00

Modified

2024-08-07 17:51

Severity ?

CWE

Summary

Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."

References

URL

Tags

secure@microsoft.com	http://secunia.com/advisories/20595	Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016291
secure@microsoft.com	http://www.kb.cert.org/vuls/id/136849	US Government Resource
secure@microsoft.com	http://www.osvdb.org/26443
secure@microsoft.com	http://www.securityfocus.com/archive/1/436985/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/18309
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/2319	Vendor Advisory
secure@microsoft.com	http://www.zerodayinitiative.com/advisories/ZDI-06-017.html	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/26766
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20595	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016291
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/136849	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26443
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/436985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18309
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2319	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-017.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26766
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:04.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:1931",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
          },
          {
            "name": "20595",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20595"
          },
          {
            "name": "ADV-2006-2319",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2319"
          },
          {
            "name": "1016291",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016291"
          },
          {
            "name": "oval:org.mitre.oval:def:1621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
          },
          {
            "name": "TA06-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "VU#136849",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/136849"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1862",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
          },
          {
            "name": "oval:org.mitre.oval:def:1906",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
          },
          {
            "name": "26443",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26443"
          },
          {
            "name": "20060613 ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
          },
          {
            "name": "ie-utf8-html-execute-code(26766)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
          },
          {
            "name": "18309",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18309"
          },
          {
            "name": "MS06-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
          },
          {
            "name": "oval:org.mitre.oval:def:1414",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
          },
          {
            "name": "oval:org.mitre.oval:def:1752",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:1931",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
        },
        {
          "name": "20595",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20595"
        },
        {
          "name": "ADV-2006-2319",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2319"
        },
        {
          "name": "1016291",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016291"
        },
        {
          "name": "oval:org.mitre.oval:def:1621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
        },
        {
          "name": "TA06-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
        },
        {
          "name": "VU#136849",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/136849"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1862",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
        },
        {
          "name": "oval:org.mitre.oval:def:1906",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
        },
        {
          "name": "26443",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26443"
        },
        {
          "name": "20060613 ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
        },
        {
          "name": "ie-utf8-html-execute-code(26766)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
        },
        {
          "name": "18309",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18309"
        },
        {
          "name": "MS06-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
        },
        {
          "name": "oval:org.mitre.oval:def:1414",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
        },
        {
          "name": "oval:org.mitre.oval:def:1752",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-2382",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:1931",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
            },
            {
              "name": "20595",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20595"
            },
            {
              "name": "ADV-2006-2319",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2319"
            },
            {
              "name": "1016291",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016291"
            },
            {
              "name": "oval:org.mitre.oval:def:1621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "VU#136849",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/136849"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1862",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
            },
            {
              "name": "oval:org.mitre.oval:def:1906",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
            },
            {
              "name": "26443",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26443"
            },
            {
              "name": "20060613 ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
            },
            {
              "name": "ie-utf8-html-execute-code(26766)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
            },
            {
              "name": "18309",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18309"
            },
            {
              "name": "MS06-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
            },
            {
              "name": "oval:org.mitre.oval:def:1414",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
            },
            {
              "name": "oval:org.mitre.oval:def:1752",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-2382",
    "datePublished": "2006-06-13T19:00:00",
    "dateReserved": "2006-05-15T00:00:00",
    "dateUpdated": "2024-08-07T17:51:04.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2382\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-06-13T19:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \\\"HTML Decoding Memory Corruption Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F2A51E-2675-4993-B9C2-F2D176A92857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D47247A3-7CD7-4D67-9D9B-A94A504DA1BE\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20595\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016291\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/136849\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26443\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/436985/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/18309\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2319\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-017.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26766\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/20595\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/136849\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26443\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/436985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-06-017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26766\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-237

Vulnerability from certfr_avis

De multiples vulnérabilités ont été identifiées dans Microsoft Internet Explorer. Celles-ci permettraient à un utilisateur malveillant d'exécuter des commandes arbitraires à distance, ou collecter des informations auxquelles il ne devrait pas accéder.

Description

De multiples vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci, nous notons :

une mauvaise gestion de certaines erreurs : un utilisateur malveillant peut créer un site contenant une page particulière qui engendre volontairement une erreur. Le navigateur vulnérable des personnes visitant cette page provoque ainsi un débordement de mémoire, et l'exécution de code arbitraire sur la machine ;
une lecture non correcte de code HTML au format UTF-8 : de la même manière, un utilisateur malveillant peut créer un site contenant une page particulière utilisant cette vulnérabilité ;
un contrôle défectueux de certains ActiveX concernant DXImageTransform : il est conseillé dans la mesure du possible de refuser les ActiveX au niveau du navigateur ;
une usurpation possible de la barre d'adressage : un utilisateur malveillant peut construire une page particulière qui affiche une barre d'adressage issue d'un site authentique, mais dont le contenu est illégitime ;
un enregistrement de fichiers au format multipart HTML (.mht) non correct : un utilisateur malveillant qui arrive à persuader une personne d'enregistrer une page spécialement construite sous ce format pourrait ainsi exécuter du code arbitraire sur la machine de cette personne ;
une mauvaise manipulation des images au format ART (.art) : ce format est normalement utilisé par les logiciels d'AOL (America Online), mais Internet Explorer intègre une librairie particulière pour les afficher. Un utilisateur malveillant peut créer une page Web contenant une image ART spécialement construite, qui, une fois affichée dans le navigateur d'une personne visitant la page, entraînera l'exécution de commandes arbitraires. Un résultat identique est obtenu si l'utilisateur envoie une telle image malveillante dans un courrier électronique lu au format HTML.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 6 Service Pack 1 ;
Microsoft	N/A	Internet Explorer 5.0 Service Pack 4 ;
Microsoft	N/A	Internet Explorer 6.

References

Title

Publication Time

fkie_cve-2006-2382

Vulnerability from fkie_nvd

Published

2006-06-13 19:06

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/20595	Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016291
secure@microsoft.com	http://www.kb.cert.org/vuls/id/136849	US Government Resource
secure@microsoft.com	http://www.osvdb.org/26443
secure@microsoft.com	http://www.securityfocus.com/archive/1/436985/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/18309
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/2319	Vendor Advisory
secure@microsoft.com	http://www.zerodayinitiative.com/advisories/ZDI-06-017.html	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/26766
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20595	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016291
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/136849	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26443
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/436985/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18309
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2319	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-06-017.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26766
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931

Impacted products

	Vendor	Product	Version
	microsoft	internet_explorer	5.01
	microsoft	internet_explorer	6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\""
    }
  ],
  "id": "CVE-2006-2382",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-13T19:06:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20595"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1016291"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/136849"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/26443"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/18309"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2319"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20595"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/136849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2006-2382

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-2382

Aliases

CVE-2006-2382

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2382",
    "description": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\"",
    "id": "GSD-2006-2382"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2382"
      ],
      "details": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\"",
      "id": "GSD-2006-2382",
      "modified": "2023-12-13T01:19:52.417314Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-2382",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:1931",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
          },
          {
            "name": "20595",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20595"
          },
          {
            "name": "ADV-2006-2319",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2319"
          },
          {
            "name": "1016291",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016291"
          },
          {
            "name": "oval:org.mitre.oval:def:1621",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
          },
          {
            "name": "TA06-164A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "VU#136849",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/136849"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1862",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
          },
          {
            "name": "oval:org.mitre.oval:def:1906",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
          },
          {
            "name": "26443",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26443"
          },
          {
            "name": "20060613 ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
          },
          {
            "name": "ie-utf8-html-execute-code(26766)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
          },
          {
            "name": "18309",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18309"
          },
          {
            "name": "MS06-021",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
          },
          {
            "name": "oval:org.mitre.oval:def:1414",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
          },
          {
            "name": "oval:org.mitre.oval:def:1752",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-2382"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
            },
            {
              "name": "VU#136849",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/136849"
            },
            {
              "name": "18309",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18309"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "1016291",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016291"
            },
            {
              "name": "20595",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20595"
            },
            {
              "name": "26443",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26443"
            },
            {
              "name": "ADV-2006-2319",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2319"
            },
            {
              "name": "ie-utf8-html-execute-code(26766)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
            },
            {
              "name": "oval:org.mitre.oval:def:1931",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
            },
            {
              "name": "oval:org.mitre.oval:def:1906",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
            },
            {
              "name": "oval:org.mitre.oval:def:1862",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
            },
            {
              "name": "oval:org.mitre.oval:def:1752",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
            },
            {
              "name": "oval:org.mitre.oval:def:1621",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
            },
            {
              "name": "oval:org.mitre.oval:def:1414",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
            },
            {
              "name": "MS06-021",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
            },
            {
              "name": "20060613 ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T12:19Z",
      "publishedDate": "2006-06-13T19:06Z"
    }
  }
}

ghsa-vpj9-hh25-j7q3

Vulnerability from github

Published

2022-05-01 06:58

Modified

2022-05-01 06:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2382"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-13T19:06:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka \"HTML Decoding Memory Corruption Vulnerability.\"",
  "id": "GHSA-vpj9-hh25-j7q3",
  "modified": "2022-05-01T06:58:39Z",
  "published": "2022-05-01T06:58:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2382"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26766"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20595"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016291"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/136849"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26443"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/436985/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18309"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2319"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-017.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-2382 (GCVE-0-2006-2382)

Vulnerability from cvelistv5

CERTA-2006-AVI-237

Vulnerability from certfr_avis

Description

Solution

fkie_cve-2006-2382

Vulnerability from fkie_nvd

gsd-2006-2382

Vulnerability from gsd

ghsa-vpj9-hh25-j7q3

Vulnerability from github

Tags

Sightings

Nomenclature