Executive Summary

Informations
Name CVE-2006-3869 First vendor Publication 2006-08-22
Vendor Cve Last vendor Modification 2018-10-17

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3869

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
28132 Microsoft IE HTTP 1.1 URL Parsing Overflow

A remote overflow exists in Microsoft's Internet Explorer. Internet Explorer fails to correctly handle a long URL using HTTP 1.1 compression resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-01-10 DXImageTransform.Microsoft.NDFXArtEffects ActiveX function call access
RuleID : 8425 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 DXImageTransform.Microsoft.NDFXArtEffects ActiveX CLSID unicode access
RuleID : 7915 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 DXImageTransform.Microsoft.NDFXArtEffects ActiveX clsid access
RuleID : 7914 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 WM VIH2 Fix ActiveX CLSID unicode access
RuleID : 7501 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WM VIH2 Fix ActiveX clsid access
RuleID : 7500 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WM TV Out Smooth Picture Filter ActiveX CLSID unicode access
RuleID : 7499 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WM TV Out Smooth Picture Filter ActiveX clsid access
RuleID : 7498 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Volume ActiveX CLSID unicode access
RuleID : 7497 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Volume ActiveX clsid access
RuleID : 7496 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Virtual Source ActiveX CLSID unicode access
RuleID : 7495 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Virtual Source ActiveX clsid access
RuleID : 7494 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Virtual Renderer ActiveX CLSID unicode access
RuleID : 7493 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Virtual Renderer ActiveX clsid access
RuleID : 7492 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Switch Filter ActiveX CLSID unicode access
RuleID : 7491 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Switch Filter ActiveX clsid access
RuleID : 7490 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Screen capture Filter ActiveX CLSID unicode access
RuleID : 7489 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Screen capture Filter ActiveX clsid access
RuleID : 7488 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Screen Capture Filter Task Page ActiveX CLSID unicode access
RuleID : 7487 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Screen Capture Filter Task Page ActiveX clsid...
RuleID : 7486 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Sample Info Filter ActiveX CLSID unicode access
RuleID : 7485 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Sample Info Filter ActiveX clsid access
RuleID : 7484 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT MuxDeMux Filter ActiveX CLSID unicode access
RuleID : 7483 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT MuxDeMux Filter ActiveX clsid access
RuleID : 7482 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Log Filter ActiveX CLSID unicode access
RuleID : 7481 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Log Filter ActiveX clsid access
RuleID : 7480 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Interlacer ActiveX CLSID unicode access
RuleID : 7479 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Interlacer ActiveX clsid access
RuleID : 7478 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Import Filter ActiveX CLSID unicode access
RuleID : 7477 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Import Filter ActiveX clsid access
RuleID : 7476 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT FormatConversion ActiveX CLSID unicode access
RuleID : 7475 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT FormatConversion ActiveX clsid access
RuleID : 7474 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT FormatConversion Prop Page ActiveX CLSID unicode access
RuleID : 7473 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT FormatConversion Prop Page ActiveX clsid access
RuleID : 7472 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DV Extract Filter ActiveX CLSID unicode access
RuleID : 7471 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DV Extract Filter ActiveX clsid access
RuleID : 7470 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DirectX Transform Wrapper ActiveX CLSID unicode access
RuleID : 7469 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DirectX Transform Wrapper ActiveX clsid access
RuleID : 7468 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DeInterlace Prop Page ActiveX CLSID unicode access
RuleID : 7467 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DeInterlace Prop Page ActiveX clsid access
RuleID : 7466 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT DeInterlace Filter ActiveX CLSID unicode access
RuleID : 7465 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT DeInterlace Filter ActiveX clsid access
RuleID : 7464 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Black Frame Generator ActiveX CLSID unicode access
RuleID : 7463 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Black Frame Generator ActiveX clsid access
RuleID : 7462 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WMT Audio Analyzer ActiveX CLSID unicode access
RuleID : 7461 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMT Audio Analyzer ActiveX clsid access
RuleID : 7460 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Wmm2fxb.dll ActiveX CLSID unicode access
RuleID : 7459 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Wmm2fxb.dll ActiveX clsid access
RuleID : 7458 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Wmm2fxa.dll ActiveX CLSID unicode access
RuleID : 7457 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Wmm2fxa.dll ActiveX clsid access
RuleID : 7456 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Wmm2ae.dll ActiveX CLSID unicode access
RuleID : 7455 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Wmm2ae.dll ActiveX clsid access
RuleID : 7454 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 WM Color Converter Filter ActiveX CLSID unicode access
RuleID : 7453 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WM Color Converter Filter ActiveX clsid access
RuleID : 7452 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Stetch ActiveX CLSID unicode access
RuleID : 7451 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Stetch ActiveX clsid access
RuleID : 7450 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 ShotDetect ActiveX CLSID unicode access
RuleID : 7449 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer ShotDetect ActiveX clsid access
RuleID : 7448 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 Record Queue ActiveX CLSID unicode access
RuleID : 7447 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Record Queue ActiveX clsid access
RuleID : 7446 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Mmedia.AsyncMHandler.1 ActiveX CLSID unicode access
RuleID : 7445 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Mmedia.AsyncMHandler.1 ActiveX clsid access
RuleID : 7444 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 mmAEPlugIn.AEPlugIn.1 ActiveX CLSID unicode access
RuleID : 7443 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer mmAEPlugIn.AEPlugIn.1 ActiveX clsid access
RuleID : 7442 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Frame Eater ActiveX CLSID unicode access
RuleID : 7438 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Frame Eater ActiveX clsid access
RuleID : 7437 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Dynamic Casts ActiveX function call
RuleID : 7436 - Revision : 16 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Dynamic Casts ActiveX clsid access
RuleID : 7435 - Revision : 19 - Type : BROWSER-PLUGINS
2014-01-10 DirectX Transform Wrapper Property Page ActiveX CLSID unicode access
RuleID : 7434 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer DirectX Transform Wrapper Property Page ActiveX c...
RuleID : 7433 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 DirectFrame.DirectControl.1 ActiveX CLSID unicode access
RuleID : 7432 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer DirectFrame.DirectControl.1 ActiveX clsid access
RuleID : 7431 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Bitmap ActiveX CLSID unicode access
RuleID : 7430 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Bitmap ActiveX clsid access
RuleID : 7429 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Allocator Fix ActiveX CLSID unicode access
RuleID : 7428 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer Allocator Fix ActiveX clsid access
RuleID : 7427 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 9x8Resize ActiveX CLSID unicode access
RuleID : 7426 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer 9x8Resize ActiveX clsid access
RuleID : 7425 - Revision : 14 - Type : BROWSER-PLUGINS
2016-04-05 Microsoft Internet Explorer long URL buffer overflow attempt
RuleID : 37961 - Revision : 2 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer long URL buffer overflow attempt
RuleID : 18517 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer long URL buffer overflow attempt
RuleID : 17494 - Revision : 10 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2006-08-08 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms06-042.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/19667
BUGTRAQ http://www.securityfocus.com/archive/1/444046/100/0/threaded
http://www.securityfocus.com/archive/1/444241/100/0/threaded
http://www.securityfocus.com/archive/1/444319/100/0/threaded
CERT-VN http://www.kb.cert.org/vuls/id/821156
CONFIRM http://support.microsoft.com/kb/923762/
http://www.microsoft.com/technet/security/advisory/923762.mspx
MISC http://www.nsfocus.com/english/homepage/research/0608.htm
OSVDB http://www.osvdb.org/28132
SECTRACK http://securitytracker.com/id?1016731
SECUNIA http://secunia.com/advisories/21557
SREASON http://securityreason.com/securityalert/1441
VUPEN http://www.vupen.com/english/advisories/2006/3356
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/28522
https://exchange.xforce.ibmcloud.com/vulnerabilities/28893

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2021-05-04 12:04:22
  • Multiple Updates
2021-04-22 01:05:00
  • Multiple Updates
2020-05-23 00:18:09
  • Multiple Updates
2018-10-18 00:19:37
  • Multiple Updates
2017-07-20 09:23:47
  • Multiple Updates
2016-06-28 15:53:40
  • Multiple Updates
2016-04-26 14:54:32
  • Multiple Updates
2014-01-19 21:23:26
  • Multiple Updates
2013-05-11 11:05:06
  • Multiple Updates