Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-1245 | First vendor Publication | 2006-03-16 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1245 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1451 | |||
Oval ID: | oval:org.mitre.oval:def:1451 | ||
Title: | IE5 Multiple Event Handler Memory Corruption (Win2K) | ||
Description: | Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1245 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1569 | |||
Oval ID: | oval:org.mitre.oval:def:1569 | ||
Title: | IE6 Multiple Event Handler Memory Corruption (Win2K/XP,SP1) | ||
Description: | Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1245 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1599 | |||
Oval ID: | oval:org.mitre.oval:def:1599 | ||
Title: | IE6 Multiple Event Handler Memory Corruption (WinXP) | ||
Description: | Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1245 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1632 | |||
Oval ID: | oval:org.mitre.oval:def:1632 | ||
Title: | IE6 Multiple Event Handler Memory Corruption (Server 2003) | ||
Description: | Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1245 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1766 | |||
Oval ID: | oval:org.mitre.oval:def:1766 | ||
Title: | IE6 Multiple Event Handler Memory Corruption (Server 2003,SP1) | ||
Description: | Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-1245 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
ExploitDB Exploits
id | Description |
---|---|
2010-09-20 | Internet Explorer createTextRange() Code Execution |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
23964 | Microsoft IE mshtml.dll Multiple Script Action Handler Overflow Remote overflow exists in Microsoft Internet Explorer. The product fails to properly check bounds for handling HTML tags with multiple event handlers resulting in a buffer overflow. With a specially crafted HTML document, an attacker can cause affected web browsers to crash or remote code execution resulting in a loss of integrity, and/or availability. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft DT DDS OrgChart GDD Route ActiveX object access RuleID : 6008 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DT DDS OrgChart GDD Layout ActiveX object access RuleID : 6007 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DT Icon Control ActiveX object access RuleID : 6006 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DT DDS Straight Line Routing Logic 2 ActiveX obje... RuleID : 6005 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DT DDS Circular Auto Layout Logic 2 ActiveX objec... RuleID : 6004 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DT DDS Rectilinear GDD Route ActiveX object access RuleID : 6003 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DT DDS Rectilinear GDD Layout ActiveX object access RuleID : 6002 - Revision : 12 - Type : BROWSER-PLUGINS |
2017-12-05 | Microsoft Internet Explorer script action handler buffer overflow attempt RuleID : 44730 - Revision : 2 - Type : BROWSER-IE |
2017-12-05 | Microsoft Internet Explorer script action handler buffer overflow attempt RuleID : 44729 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createTextRange code execution attempt RuleID : 18313 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer script action handler overflow attempt RuleID : 18303 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Script Action Handler buffer overflow attempt RuleID : 17516 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Script Action Handler buffer overflow attempt RuleID : 17515 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Script Action Handler buffer overflow attempt RuleID : 17514 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Script Action Handler buffer overflow attempt RuleID : 17513 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Script Action Handler buffer overflow attempt RuleID : 17512 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createTextRange code execution attempt RuleID : 17263 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createTextRange code execution attempt RuleID : 17262 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createTextRange code execution attempt RuleID : 17261 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createTextRange code execution attempt RuleID : 16690 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer createTextRange code execution attempt RuleID : 16035 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | DirectAnimation.DAstatics ActiveX function call unicode access RuleID : 11246 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAstatics ActiveX function call a... RuleID : 11245 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAstatics ActiveX clsid unicode access RuleID : 11244 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAstatics ActiveX clsid access RuleID : 11243 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | DXImageTransform.Microsoft.Redirect ActiveX function call unicode access RuleID : 11242 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | DXImageTransform.Microsoft.Redirect ActiveX function call access RuleID : 11241 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | DXImageTransform.Microsoft.Redirect ActiveX clsid unicode access RuleID : 11240 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | DXImageTransform.Microsoft.Redirect ActiveX clsid access RuleID : 11239 - Revision : 11 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-04-11 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms06-013.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:03:48 |
|
2021-04-22 01:04:21 |
|
2020-05-23 00:17:31 |
|
2018-10-18 21:20:01 |
|
2018-10-13 00:22:33 |
|
2017-10-11 09:23:38 |
|
2017-07-20 09:23:25 |
|
2016-06-28 15:40:17 |
|
2016-04-26 14:24:25 |
|
2014-02-17 10:35:02 |
|
2014-01-19 21:23:11 |
|
2013-05-11 10:51:40 |
|