MS06-072

Executive Summary

Informations
Name	MS06-072	First vendor Publication	2006-12-12
Vendor	Microsoft	Last vendor Modification	2006-12-12
Severity (Vendor)	Critical	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This update resolves several newly discovered vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx?pubDate=2 (...)

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:313

Oval ID:	oval:org.mitre.oval:def:313
Title:	TIF Folder Information Disclosure Vulnerability
Description:	Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-5577	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Server 2003-Gold Windows Server 2003 (Gold) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.605 OR XP,SP1 (64-bit) and Server 2003, SP1 Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed Windows XP, SP1 (64-bit) is installed AND Windows Server 2003, SP1 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.2817 OR IE 6 on Windows XP,SP2 Windows XP, SP2 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2900.3020 OR IE 6 on Windows 2000 Windows 2000 SP4 is installed AND Internet Explorer 6 is installed AND Internet Explorer 6 (any patch level) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2800.1586 OR IE 5.01,SP4 on Win2k,SP4 Windows 2000 SP4 is installed AND Internet Explorer 5.01, SP4 is installed AND the version of mshtml.dll is less than 5.0.3846.2300

Definition Id: oval:org.mitre.oval:def:337

Oval ID:	oval:org.mitre.oval:def:337
Title:	TIF Folder Information Disclosure Vulnerability
Description:	Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-5578	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Server 2003-Gold Windows Server 2003 (Gold) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.605 OR XP,SP1 (64-bit) and Server 2003, SP1 Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed Windows XP, SP1 (64-bit) is installed AND Windows Server 2003, SP1 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.2817 OR IE 6 on Windows XP,SP2 Windows XP, SP2 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2900.3020 OR IE 6 on Windows 2000 Windows 2000 SP4 is installed AND Internet Explorer 6 is installed AND Internet Explorer 6 (any patch level) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2800.1586 OR IE 5.01,SP4 on Win2k,SP4 Windows 2000 SP4 is installed AND Internet Explorer 5.01, SP4 is installed AND the version of mshtml.dll is less than 5.0.3846.2300

Definition Id: oval:org.mitre.oval:def:761

Oval ID:	oval:org.mitre.oval:def:761
Title:	Script Error Handling Memory Corruption Vulnerability
Description:	Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-5579	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Server 2003-Gold Windows Server 2003 (Gold) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.605 OR XP,SP1 (64-bit) and Server 2003, SP1 Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed Windows XP, SP1 (64-bit) is installed AND Windows Server 2003, SP1 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.2817 OR IE 6 on Windows XP,SP2 Windows XP, SP2 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2900.3020 OR IE 6 on Windows 2000 Windows 2000 SP4 is installed AND Internet Explorer 6 is installed AND Internet Explorer 6 (any patch level) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2800.1586

Definition Id: oval:org.mitre.oval:def:116

Oval ID:	oval:org.mitre.oval:def:116
Title:	DHTML Script Function Memory Corruption Vulnerability
Description:	Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2006-5581	Version:	3
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Server 2003-Gold Windows Server 2003 (Gold) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.605 OR XP,SP1 (64-bit) and Server 2003, SP1 Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed Windows XP, SP1 (64-bit) is installed AND Windows Server 2003, SP1 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.3790.2817 OR IE 6 on Windows XP,SP2 Windows XP, SP2 is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2900.3020 OR IE 6 on Windows 2000 Windows 2000 SP4 is installed AND Internet Explorer 6 is installed AND Internet Explorer 6 (any patch level) is installed AND Internet Explorer 6 is installed AND the version of mshtml.dll is less than 6.0.2800.1586

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Ie cpe:/a:microsoft:ie:6:windows_server_2003_sp1 cpe:/a:microsoft:ie:6	2

Open Source Vulnerability Database (OSVDB)

id	Description
30816	Microsoft IE TIF Folder Cached Content Information Disclosure
30815	Microsoft IE TIF Folder Drag and Drop Operation Information Disclosure
30814	Microsoft IE DHTML Script Function Memory Corruption
30813	Microsoft IE Script Error Handling Memory Corruption

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 12:21:57	Multiple Updates

Type	Count
Oval ID(s)	4
CPE ID(s)	2
osvdb(s)	4

Related	Severity
CVE-2006-5581	(Critical)
CVE-2006-5579	(Critical)
CVE-2006-5577	(Medium)
CVE-2006-5578	(Low)
HPSBST02180 SSR...	(N/A)

Same Subject	Severity
Login to view 17 more Alert(s)

MS06-072

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

Open Source Vulnerability Database (OSVDB)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU