CVE-2006-1245

Properties

Published:
15.03.2006
Updated:
26.02.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
Microsoft: Internet Explorer

Vulnerability description

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the"Multiple Event Handler Memory Corruption Vulnerability."

References:

BUGTRAQ: http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html
BID: http://www.securityfocus.com/bid/17131
SECUNIA: http://secunia.com/advisories/19269
XF: http://xforce.iss.net/xforce/xfdb/25292
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/428810/100/0/threaded
OSVDB: http://www.osvdb.org/23964
SECTRACK: http://securitytracker.com/id?1015794
MS: http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx
CERT: http://www.us-cert.gov/cas/techalerts/TA06-101A.html
CERT-VN: http://www.kb.cert.org/vuls/id/984473
FRSIRT: http://www.frsirt.com/english/advisories/2006/1318
SECUNIA: http://secunia.com/advisories/18957
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1451
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1569
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1599
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1632
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1766
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/453436/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/453554/100/0/threaded