cvelistv5 - cve-2006-3281

CVE-2006-3281 (GCVE-0-2006-3281)

Vulnerability from cvelistv5 – Published: 2006-06-28 22:00 – Updated: 2024-08-07 18:23

Summary

Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://secunia.com/advisories/20825	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/655100	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/19389	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1016388	vdb-entryx_refsource_SECTRACK
	http://lists.grok.org.uk/pipermail/full-disclosur…	x_refsource_MISC
	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	third-party-advisoryx_refsource_CERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/2553	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:23:20.437Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060627 IE_ONE_MINOR_ONE_MAJOR",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
          },
          {
            "name": "20825",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20825"
          },
          {
            "name": "VU#655100",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/655100"
          },
          {
            "name": "19389",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19389"
          },
          {
            "name": "1016388",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016388"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
          },
          {
            "name": "TA06-220A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:318",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
          },
          {
            "name": "MS06-045",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
          },
          {
            "name": "ie-hta-fileshare-command-execution(27456)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
          },
          {
            "name": "ADV-2006-2553",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2553"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060627 IE_ONE_MINOR_ONE_MAJOR",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
        },
        {
          "name": "20825",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20825"
        },
        {
          "name": "VU#655100",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/655100"
        },
        {
          "name": "19389",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19389"
        },
        {
          "name": "1016388",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016388"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
        },
        {
          "name": "TA06-220A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:318",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
        },
        {
          "name": "MS06-045",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
        },
        {
          "name": "ie-hta-fileshare-command-execution(27456)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
        },
        {
          "name": "ADV-2006-2553",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2553"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3281",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060627 IE_ONE_MINOR_ONE_MAJOR",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
            },
            {
              "name": "20825",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20825"
            },
            {
              "name": "VU#655100",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/655100"
            },
            {
              "name": "19389",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19389"
            },
            {
              "name": "1016388",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016388"
            },
            {
              "name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj",
              "refsource": "MISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
            },
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:318",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
            },
            {
              "name": "MS06-045",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
            },
            {
              "name": "ie-hta-fileshare-command-execution(27456)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
            },
            {
              "name": "ADV-2006-2553",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2553"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3281",
    "datePublished": "2006-06-28T22:00:00",
    "dateReserved": "2006-06-28T00:00:00",
    "dateUpdated": "2024-08-07T18:23:20.437Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \\\"Folder GUID Code Execution Vulnerability.\\\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.\"}, {\"lang\": \"es\", \"value\": \"Microsoft Internet Explorer v6.0 no maneja apropiadamente los eventos Drag y Drop, lo que permite a atacantes remotos asistidos por el usuario ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un enlace al fichero compartido SMB con un nombre que contiene una secuencia codificada ..\\\\ (%2e%2e%5c)y cuya extensi\\u00f3n incluye al identificador CLSID Key para HTML Applications (HTA), como \\\"Folder GUID Code Execution Vulnerability.\\\" NOTA: la secuencia de salto de directorio fue usado en el exploit original, aunque sus roles no quedan claros.\"}]",
      "id": "CVE-2006-3281",
      "lastModified": "2024-11-21T00:13:14.733",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-06-28T22:05:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/20825\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016388\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/655100\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/19389\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2553\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27456\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/20825\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016388\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/655100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/19389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2553\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27456\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3281\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-28T22:05:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \\\"Folder GUID Code Execution Vulnerability.\\\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.\"},{\"lang\":\"es\",\"value\":\"Microsoft Internet Explorer v6.0 no maneja apropiadamente los eventos Drag y Drop, lo que permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un enlace al fichero compartido SMB con un nombre que contiene una secuencia codificada ..\\\\ (%2e%2e%5c)y cuya extensi\u00f3n incluye al identificador CLSID Key para HTML Applications (HTA), como \\\"Folder GUID Code Execution Vulnerability.\\\" NOTA: la secuencia de salto de directorio fue usado en el exploit original, aunque sus roles no quedan claros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/20825\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016388\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/655100\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/19389\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2553\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27456\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/20825\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016388\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/655100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/19389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2553\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27456\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2006-3281

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3281

Aliases

CVE-2006-3281

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3281",
    "description": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.",
    "id": "GSD-2006-3281"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3281"
      ],
      "details": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.",
      "id": "GSD-2006-3281",
      "modified": "2023-12-13T01:19:57.245462Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3281",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20060627 IE_ONE_MINOR_ONE_MAJOR",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
          },
          {
            "name": "20825",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20825"
          },
          {
            "name": "VU#655100",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/655100"
          },
          {
            "name": "19389",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19389"
          },
          {
            "name": "1016388",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016388"
          },
          {
            "name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj",
            "refsource": "MISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
          },
          {
            "name": "TA06-220A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:318",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
          },
          {
            "name": "MS06-045",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
          },
          {
            "name": "ie-hta-fileshare-command-execution(27456)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
          },
          {
            "name": "ADV-2006-2553",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2553"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3281"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060627 IE_ONE_MINOR_ONE_MAJOR",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
            },
            {
              "name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
            },
            {
              "name": "20825",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20825"
            },
            {
              "name": "VU#655100",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/655100"
            },
            {
              "name": "1016388",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016388"
            },
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "19389",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19389"
            },
            {
              "name": "ADV-2006-2553",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2553"
            },
            {
              "name": "ie-hta-fileshare-command-execution(27456)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
            },
            {
              "name": "oval:org.mitre.oval:def:318",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
            },
            {
              "name": "MS06-045",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T12:55Z",
      "publishedDate": "2006-06-28T22:05Z"
    }
  }
}

CERTA-2006-AVI-343

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Windows Explorer permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.

Description

Une vulnérabilité liée à la gestion du ``glisser-déposer'' (Drag'n Drop) dans Windows Explorer peut être explorer par un individu malveillant, au moyen d'une page web spécialement conçue, afin d'exécuter du code arbitraire à distance sur le système vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition ;
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour système Itanium ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 et 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 pour système Itanium ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-045 du 08 août 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64 Edition 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour syst\u00e8me Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 et 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 pour syst\u00e8me Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 la gestion du \\`\\`glisser-d\u00e9poser\u0027\u0027 (Drag\u0027n\nDrop) dans Windows Explorer peut \u00eatre explorer par un individu\nmalveillant, au moyen d\u0027une page web sp\u00e9cialement con\u00e7ue, afin\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3281"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Windows Explorer permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Windows Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-045 du 08 ao\u00fbt 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx"
    }
  ]
}

CERTA-2006-AVI-343

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans Windows Explorer permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition ;
Microsoft	Windows	Microsoft Windows Server 2003 x64 Edition 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour système Itanium ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 et 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 pour système Itanium ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-045 du 08 août 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64 Edition 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour syst\u00e8me Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 et 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 pour syst\u00e8me Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 li\u00e9e \u00e0 la gestion du \\`\\`glisser-d\u00e9poser\u0027\u0027 (Drag\u0027n\nDrop) dans Windows Explorer peut \u00eatre explorer par un individu\nmalveillant, au moyen d\u0027une page web sp\u00e9cialement con\u00e7ue, afin\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3281"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-343",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Windows Explorer permet \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Windows Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-045 du 08 ao\u00fbt 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-045.mspx"
    }
  ]
}

FKIE_CVE-2006-3281

Vulnerability from fkie_nvd - Published: 2006-06-28 22:05 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj	Exploit
cve@mitre.org	http://secunia.com/advisories/20825	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016388
cve@mitre.org	http://www.kb.cert.org/vuls/id/655100	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/19389
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2553	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27456
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20825	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016388
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/655100	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19389
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2553	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27456
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318

Impacted products

	Vendor	Product	Version
	microsoft	internet_explorer	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear."
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Explorer v6.0 no maneja apropiadamente los eventos Drag y Drop, lo que permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un enlace al fichero compartido SMB con un nombre que contiene una secuencia codificada ..\\ (%2e%2e%5c)y cuya extensi\u00f3n incluye al identificador CLSID Key para HTML Applications (HTA), como \"Folder GUID Code Execution Vulnerability.\" NOTA: la secuencia de salto de directorio fue usado en el exploit original, aunque sus roles no quedan claros."
    }
  ],
  "id": "CVE-2006-3281",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-28T22:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20825"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016388"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/655100"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19389"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2553"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/655100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-6HXC-5477-3VMJ

Vulnerability from github – Published: 2022-05-01 07:07 – Updated: 2022-05-01 07:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3281"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-28T22:05:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka \"Folder GUID Code Execution Vulnerability.\"  NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.",
  "id": "GHSA-6hxc-5477-3vmj",
  "modified": "2022-05-01T07:07:30Z",
  "published": "2022-05-01T07:07:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3281"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27456"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20825"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016388"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/655100"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19389"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2553"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3281 (GCVE-0-2006-3281)

GSD-2006-3281

CERTA-2006-AVI-343

Description

Solution

CERTA-2006-AVI-343

Description

Solution

FKIE_CVE-2006-3281

GHSA-6HXC-5477-3VMJ

Tags

Sightings

Nomenclature