cvelistv5 - cve-2006-2218

CVE-2006-2218 (GCVE-0-2006-2218)

Vulnerability from cvelistv5 – Published: 2006-05-05 10:00 – Updated: 2024-08-07 17:43

Summary

Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/secunia_research/2006-41/advisory	x_refsource_MISC
	http://www.vupen.com/english/advisories/2006/2319	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1016291	vdb-entryx_refsource_SECTRACK
	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/archive/1/437099/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/17820	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.osvdb.org/27475	vdb-entryx_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/338828	third-party-advisoryx_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/19762	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:43:28.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:1768",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
          },
          {
            "name": "oval:org.mitre.oval:def:1961",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2006-41/advisory"
          },
          {
            "name": "ADV-2006-2319",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2319"
          },
          {
            "name": "1016291",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016291"
          },
          {
            "name": "TA06-164A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
          },
          {
            "name": "17820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17820"
          },
          {
            "name": "oval:org.mitre.oval:def:1078",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
          },
          {
            "name": "27475",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27475"
          },
          {
            "name": "oval:org.mitre.oval:def:1845",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
          },
          {
            "name": "VU#338828",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/338828"
          },
          {
            "name": "oval:org.mitre.oval:def:1728",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
          },
          {
            "name": "MS06-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
          },
          {
            "name": "oval:org.mitre.oval:def:1765",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
          },
          {
            "name": "19762",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19762"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:1768",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
        },
        {
          "name": "oval:org.mitre.oval:def:1961",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2006-41/advisory"
        },
        {
          "name": "ADV-2006-2319",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2319"
        },
        {
          "name": "1016291",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016291"
        },
        {
          "name": "TA06-164A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
        },
        {
          "name": "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
        },
        {
          "name": "17820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17820"
        },
        {
          "name": "oval:org.mitre.oval:def:1078",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
        },
        {
          "name": "27475",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27475"
        },
        {
          "name": "oval:org.mitre.oval:def:1845",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
        },
        {
          "name": "VU#338828",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/338828"
        },
        {
          "name": "oval:org.mitre.oval:def:1728",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
        },
        {
          "name": "MS06-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
        },
        {
          "name": "oval:org.mitre.oval:def:1765",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
        },
        {
          "name": "19762",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19762"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2218",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:1768",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
            },
            {
              "name": "oval:org.mitre.oval:def:1961",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
            },
            {
              "name": "http://secunia.com/secunia_research/2006-41/advisory",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2006-41/advisory"
            },
            {
              "name": "ADV-2006-2319",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2319"
            },
            {
              "name": "1016291",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016291"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
            },
            {
              "name": "17820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17820"
            },
            {
              "name": "oval:org.mitre.oval:def:1078",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
            },
            {
              "name": "27475",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27475"
            },
            {
              "name": "oval:org.mitre.oval:def:1845",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
            },
            {
              "name": "VU#338828",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/338828"
            },
            {
              "name": "oval:org.mitre.oval:def:1728",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
            },
            {
              "name": "MS06-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
            },
            {
              "name": "oval:org.mitre.oval:def:1765",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
            },
            {
              "name": "19762",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19762"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2218",
    "datePublished": "2006-05-05T10:00:00",
    "dateReserved": "2006-05-05T00:00:00",
    "dateUpdated": "2024-08-07T17:43:28.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A19F6133-25D1-44A5-B6B9-354703436783\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \\\"exceptional conditions\\\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.\"}]",
      "evaluatorSolution": "Failed exploit attempts will likely crash the affected application.",
      "id": "CVE-2006-2218",
      "lastModified": "2024-11-21T00:10:48.957",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-05-05T12:46:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19762\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2006-41/advisory\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016291\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/338828\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/27475\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/437099/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/17820\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2319\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/19762\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/secunia_research/2006-41/advisory\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016291\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/338828\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/27475\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/437099/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17820\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2319\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2218\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-05T12:46:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \\\"exceptional conditions\\\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19F6133-25D1-44A5-B6B9-354703436783\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19762\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2006-41/advisory\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016291\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/338828\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27475\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/437099/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17820\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2319\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19762\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/secunia_research/2006-41/advisory\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016291\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/338828\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27475\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/437099/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17820\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-164A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Failed exploit attempts will likely crash the affected application.\"}}"
  }
}

CERTA-2006-AVI-237

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été identifiées dans Microsoft Internet Explorer. Celles-ci permettraient à un utilisateur malveillant d'exécuter des commandes arbitraires à distance, ou collecter des informations auxquelles il ne devrait pas accéder.

Description

De multiples vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci, nous notons :

une mauvaise gestion de certaines erreurs : un utilisateur malveillant peut créer un site contenant une page particulière qui engendre volontairement une erreur. Le navigateur vulnérable des personnes visitant cette page provoque ainsi un débordement de mémoire, et l'exécution de code arbitraire sur la machine ;
une lecture non correcte de code HTML au format UTF-8 : de la même manière, un utilisateur malveillant peut créer un site contenant une page particulière utilisant cette vulnérabilité ;
un contrôle défectueux de certains ActiveX concernant DXImageTransform : il est conseillé dans la mesure du possible de refuser les ActiveX au niveau du navigateur ;
une usurpation possible de la barre d'adressage : un utilisateur malveillant peut construire une page particulière qui affiche une barre d'adressage issue d'un site authentique, mais dont le contenu est illégitime ;
un enregistrement de fichiers au format multipart HTML (.mht) non correct : un utilisateur malveillant qui arrive à persuader une personne d'enregistrer une page spécialement construite sous ce format pourrait ainsi exécuter du code arbitraire sur la machine de cette personne ;
une mauvaise manipulation des images au format ART (.art) : ce format est normalement utilisé par les logiciels d'AOL (America Online), mais Internet Explorer intègre une librairie particulière pour les afficher. Un utilisateur malveillant peut créer une page Web contenant une image ART spécialement construite, qui, une fois affichée dans le navigateur d'une personne visitant la page, entraînera l'exécution de commandes arbitraires. Un résultat identique est obtenu si l'utilisateur envoie une telle image malveillante dans un courrier électronique lu au format HTML.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 6 Service Pack 1 ;
Microsoft	N/A	Internet Explorer 5.0 Service Pack 4 ;
Microsoft	N/A	Internet Explorer 6.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 13 juin 2006	None	vendor-advisory
Bulletin de sécurité Microsoft MS06-021 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-022 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-022 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-021 du 13 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.0 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci, nous notons :\n\n-   une mauvaise gestion de certaines erreurs : un utilisateur\n    malveillant peut cr\u00e9er un site contenant une page particuli\u00e8re qui\n    engendre volontairement une erreur. Le navigateur vuln\u00e9rable des\n    personnes visitant cette page provoque ainsi un d\u00e9bordement de\n    m\u00e9moire, et l\u0027ex\u00e9cution de code arbitraire sur la machine ;\n-   une lecture non correcte de code HTML au format UTF-8 : de la m\u00eame\n    mani\u00e8re, un utilisateur malveillant peut cr\u00e9er un site contenant une\n    page particuli\u00e8re utilisant cette vuln\u00e9rabilit\u00e9 ;\n-   un contr\u00f4le d\u00e9fectueux de certains ActiveX concernant\n    DXImageTransform : il est conseill\u00e9 dans la mesure du possible de\n    refuser les ActiveX au niveau du navigateur ;\n-   une usurpation possible de la barre d\u0027adressage : un utilisateur\n    malveillant peut construire une page particuli\u00e8re qui affiche une\n    barre d\u0027adressage issue d\u0027un site authentique, mais dont le contenu\n    est ill\u00e9gitime ;\n-   un enregistrement de fichiers au format multipart HTML (.mht) non\n    correct : un utilisateur malveillant qui arrive \u00e0 persuader une\n    personne d\u0027enregistrer une page sp\u00e9cialement construite sous ce\n    format pourrait ainsi ex\u00e9cuter du code arbitraire sur la machine de\n    cette personne ;\n-   une mauvaise manipulation des images au format ART (.art) : ce\n    format est normalement utilis\u00e9 par les logiciels d\u0027AOL (America\n    Online), mais Internet Explorer int\u00e8gre une librairie particuli\u00e8re\n    pour les afficher. Un utilisateur malveillant peut cr\u00e9er une page\n    Web contenant une image ART sp\u00e9cialement construite, qui, une fois\n    affich\u00e9e dans le navigateur d\u0027une personne visitant la page,\n    entra\u00eenera l\u0027ex\u00e9cution de commandes arbitraires. Un r\u00e9sultat\n    identique est obtenu si l\u0027utilisateur envoie une telle image\n    malveillante dans un courrier \u00e9lectronique lu au format HTML.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2383"
    },
    {
      "name": "CVE-2006-1303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1303"
    },
    {
      "name": "CVE-2006-2384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2384"
    },
    {
      "name": "CVE-2006-1626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1626"
    },
    {
      "name": "CVE-2005-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-4089"
    },
    {
      "name": "CVE-2006-2218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2218"
    },
    {
      "name": "CVE-2006-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2385"
    },
    {
      "name": "CVE-2006-2382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2382"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-021 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/france/technet/securite/MS06-021.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-022 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-022 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/france/technet/securite/MS06-022.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-021 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-237",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Microsoft Internet\nExplorer. Celles-ci permettraient \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter des commandes arbitraires \u00e0 distance, ou collecter des\ninformations auxquelles il ne devrait pas acc\u00e9der.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 juin 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-237

Vulnerability from certfr_avis - Published: - Updated:

Description

De multiples vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci, nous notons :

une mauvaise gestion de certaines erreurs : un utilisateur malveillant peut créer un site contenant une page particulière qui engendre volontairement une erreur. Le navigateur vulnérable des personnes visitant cette page provoque ainsi un débordement de mémoire, et l'exécution de code arbitraire sur la machine ;
une lecture non correcte de code HTML au format UTF-8 : de la même manière, un utilisateur malveillant peut créer un site contenant une page particulière utilisant cette vulnérabilité ;
un contrôle défectueux de certains ActiveX concernant DXImageTransform : il est conseillé dans la mesure du possible de refuser les ActiveX au niveau du navigateur ;
une usurpation possible de la barre d'adressage : un utilisateur malveillant peut construire une page particulière qui affiche une barre d'adressage issue d'un site authentique, mais dont le contenu est illégitime ;
un enregistrement de fichiers au format multipart HTML (.mht) non correct : un utilisateur malveillant qui arrive à persuader une personne d'enregistrer une page spécialement construite sous ce format pourrait ainsi exécuter du code arbitraire sur la machine de cette personne ;
une mauvaise manipulation des images au format ART (.art) : ce format est normalement utilisé par les logiciels d'AOL (America Online), mais Internet Explorer intègre une librairie particulière pour les afficher. Un utilisateur malveillant peut créer une page Web contenant une image ART spécialement construite, qui, une fois affichée dans le navigateur d'une personne visitant la page, entraînera l'exécution de commandes arbitraires. Un résultat identique est obtenu si l'utilisateur envoie une telle image malveillante dans un courrier électronique lu au format HTML.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 6 Service Pack 1 ;
Microsoft	N/A	Internet Explorer 5.0 Service Pack 4 ;
Microsoft	N/A	Internet Explorer 6.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 13 juin 2006	None	vendor-advisory
Bulletin de sécurité Microsoft MS06-021 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-022 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-022 du 13 juin 2006 :	-	other
Bulletin de sécurité Microsoft MS06-021 du 13 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.0 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci, nous notons :\n\n-   une mauvaise gestion de certaines erreurs : un utilisateur\n    malveillant peut cr\u00e9er un site contenant une page particuli\u00e8re qui\n    engendre volontairement une erreur. Le navigateur vuln\u00e9rable des\n    personnes visitant cette page provoque ainsi un d\u00e9bordement de\n    m\u00e9moire, et l\u0027ex\u00e9cution de code arbitraire sur la machine ;\n-   une lecture non correcte de code HTML au format UTF-8 : de la m\u00eame\n    mani\u00e8re, un utilisateur malveillant peut cr\u00e9er un site contenant une\n    page particuli\u00e8re utilisant cette vuln\u00e9rabilit\u00e9 ;\n-   un contr\u00f4le d\u00e9fectueux de certains ActiveX concernant\n    DXImageTransform : il est conseill\u00e9 dans la mesure du possible de\n    refuser les ActiveX au niveau du navigateur ;\n-   une usurpation possible de la barre d\u0027adressage : un utilisateur\n    malveillant peut construire une page particuli\u00e8re qui affiche une\n    barre d\u0027adressage issue d\u0027un site authentique, mais dont le contenu\n    est ill\u00e9gitime ;\n-   un enregistrement de fichiers au format multipart HTML (.mht) non\n    correct : un utilisateur malveillant qui arrive \u00e0 persuader une\n    personne d\u0027enregistrer une page sp\u00e9cialement construite sous ce\n    format pourrait ainsi ex\u00e9cuter du code arbitraire sur la machine de\n    cette personne ;\n-   une mauvaise manipulation des images au format ART (.art) : ce\n    format est normalement utilis\u00e9 par les logiciels d\u0027AOL (America\n    Online), mais Internet Explorer int\u00e8gre une librairie particuli\u00e8re\n    pour les afficher. Un utilisateur malveillant peut cr\u00e9er une page\n    Web contenant une image ART sp\u00e9cialement construite, qui, une fois\n    affich\u00e9e dans le navigateur d\u0027une personne visitant la page,\n    entra\u00eenera l\u0027ex\u00e9cution de commandes arbitraires. Un r\u00e9sultat\n    identique est obtenu si l\u0027utilisateur envoie une telle image\n    malveillante dans un courrier \u00e9lectronique lu au format HTML.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-2383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2383"
    },
    {
      "name": "CVE-2006-1303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1303"
    },
    {
      "name": "CVE-2006-2384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2384"
    },
    {
      "name": "CVE-2006-1626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1626"
    },
    {
      "name": "CVE-2005-4089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-4089"
    },
    {
      "name": "CVE-2006-2218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2218"
    },
    {
      "name": "CVE-2006-2385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2385"
    },
    {
      "name": "CVE-2006-2382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2382"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-021 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/france/technet/securite/MS06-021.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-022 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-022.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-022 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/france/technet/securite/MS06-022.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-021 du 13 juin 2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-021.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-237",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Microsoft Internet\nExplorer. Celles-ci permettraient \u00e0 un utilisateur malveillant\nd\u0027ex\u00e9cuter des commandes arbitraires \u00e0 distance, ou collecter des\ninformations auxquelles il ne devrait pas acc\u00e9der.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 13 juin 2006",
      "url": null
    }
  ]
}

GSD-2006-2218

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2218

Aliases

CVE-2006-2218

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2218",
    "description": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.",
    "id": "GSD-2006-2218"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2218"
      ],
      "details": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.",
      "id": "GSD-2006-2218",
      "modified": "2023-12-13T01:19:52.992776Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2218",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:1768",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
          },
          {
            "name": "oval:org.mitre.oval:def:1961",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
          },
          {
            "name": "http://secunia.com/secunia_research/2006-41/advisory",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2006-41/advisory"
          },
          {
            "name": "ADV-2006-2319",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2319"
          },
          {
            "name": "1016291",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016291"
          },
          {
            "name": "TA06-164A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
          },
          {
            "name": "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
          },
          {
            "name": "17820",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17820"
          },
          {
            "name": "oval:org.mitre.oval:def:1078",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
          },
          {
            "name": "27475",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27475"
          },
          {
            "name": "oval:org.mitre.oval:def:1845",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
          },
          {
            "name": "VU#338828",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/338828"
          },
          {
            "name": "oval:org.mitre.oval:def:1728",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
          },
          {
            "name": "MS06-021",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
          },
          {
            "name": "oval:org.mitre.oval:def:1765",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
          },
          {
            "name": "19762",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19762"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2218"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17820",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17820"
            },
            {
              "name": "19762",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19762"
            },
            {
              "name": "VU#338828",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/338828"
            },
            {
              "name": "TA06-164A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
            },
            {
              "name": "1016291",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016291"
            },
            {
              "name": "http://secunia.com/secunia_research/2006-41/advisory",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/secunia_research/2006-41/advisory"
            },
            {
              "name": "27475",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27475"
            },
            {
              "name": "ADV-2006-2319",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2319"
            },
            {
              "name": "oval:org.mitre.oval:def:1961",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
            },
            {
              "name": "oval:org.mitre.oval:def:1845",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
            },
            {
              "name": "oval:org.mitre.oval:def:1768",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
            },
            {
              "name": "oval:org.mitre.oval:def:1765",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
            },
            {
              "name": "oval:org.mitre.oval:def:1728",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
            },
            {
              "name": "oval:org.mitre.oval:def:1078",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
            },
            {
              "name": "MS06-021",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
            },
            {
              "name": "20060614 Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T12:55Z",
      "publishedDate": "2006-05-05T12:46Z"
    }
  }
}

FKIE_CVE-2006-2218

Vulnerability from fkie_nvd - Published: 2006-05-05 12:46 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19762	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/secunia_research/2006-41/advisory	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016291
cve@mitre.org	http://www.kb.cert.org/vuls/id/338828	US Government Resource
cve@mitre.org	http://www.osvdb.org/27475
cve@mitre.org	http://www.securityfocus.com/archive/1/437099/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17820
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2319	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19762	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2006-41/advisory	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016291
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/338828	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27475
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/437099/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17820
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-164A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2319	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961

Impacted products

	Vendor	Product	Version
	microsoft	internet_explorer	6.0
	microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992."
    }
  ],
  "evaluatorSolution": "Failed exploit attempts will likely crash the affected application.",
  "id": "CVE-2006-2218",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-05-05T12:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19762"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2006-41/advisory"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016291"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/338828"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27475"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17820"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2319"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2006-41/advisory"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/338828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27475"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-37WG-V9P2-CHV7

Vulnerability from github – Published: 2022-05-01 06:56 – Updated: 2022-05-01 06:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2218"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-05T12:46:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via \"exceptional conditions\" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.",
  "id": "GHSA-37wg-v9p2-chv7",
  "modified": "2022-05-01T06:56:59Z",
  "published": "2022-05-01T06:56:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2218"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1078"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1728"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1765"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1768"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1845"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1961"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19762"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2006-41/advisory"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016291"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/338828"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27475"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/437099/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17820"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-164A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2319"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2218 (GCVE-0-2006-2218)

CERTA-2006-AVI-237

Description

Solution

CERTA-2006-AVI-237

Description

Solution

GSD-2006-2218

FKIE_CVE-2006-2218

GHSA-37WG-V9P2-CHV7

Tags

Sightings

Nomenclature