Executive Summary

Summary
Title Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
Informations
Name KB923762 First vendor Publication 2006-08-22
Vendor Microsoft Last vendor Modification 2006-08-24
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

On August 15, 2006 Microsoft announced that it would be re-releasing Microsoft Security Bulletin MS06-042 Tuesday, August 22, 2006 to address an issue affecting Internet Explorer 6 Service Pack 1 customers as discussed in Microsoft Knowledge Base Article 923762.Due to an issue discovered in final testing, Microsoft was not able to re-release MS06-042 on August 22, 2006.On August 24, 2006, Microsoft completed testing to ensure the update re-released for Internet Explorer 6 Service Pack 1 met the appropriate level of quality for broad distribution.

On August 22, 2006 Microsoft also became aware of public notification on the exploitable nature of this vulnerability. Microsoft has completed the investigation into the vulnerability, and has revised Microsoft Security Bulletin MS06-042 with information on this vulnerability, and the availability of revised Internet Explorer Service Pack 1 security updates. Customers are encouraged to apply the revised update to Internet Explorer Service Pack 1 systems immediately.

Original Source

Url : http://www.microsoft.com/technet/security/advisory/923762.mspx

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

Open Source Vulnerability Database (OSVDB)

Id Description
28132 Microsoft IE HTTP 1.1 URL Parsing Overflow

A remote overflow exists in Microsoft's Internet Explorer. Internet Explorer fails to correctly handle a long URL using HTTP 1.1 compression resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2016-04-05 Microsoft Internet Explorer long URL buffer overflow attempt
RuleID : 37961 - Revision : 2 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer long URL buffer overflow attempt
RuleID : 18517 - Revision : 6 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer long URL buffer overflow attempt
RuleID : 17494 - Revision : 10 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2006-08-08 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms06-042.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:38:46
  • Multiple Updates
2013-05-11 12:20:22
  • Multiple Updates