Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1359

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-1359
Last Modified 07 Mar 2011 09:32:52
Published 22 Mar 2006 07:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1359

Summary

Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

Vulnerable Systems

Application

  • Microsoft Ie 6.0

  • Microsoft Ie 7.0


References

CERT - TA06-101A

CERT-VN - VU#876678

XF - ie-createtextrange-command-execution(25379)

VUPEN - ADV-2006-1318

VUPEN - ADV-2006-1050

BID - 17196

BUGTRAQ - 20060328 Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution)

BUGTRAQ - 20060328 EEYE: Temporary workaround for IE createTextRange vulnerability

BUGTRAQ - 20060323 Secunia Research: Microsoft Internet Explorer "createTextRange()"Code Execution

BUGTRAQ - 20060322 Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution

BUGTRAQ - 20060322 IE crash

OSVDB - 24050

MS - MS06-013

CONFIRM - http://www.microsoft.com/technet/security/advisory/917077.mspx

MISC - http://www.computerterrorism.com/research/ct22-03-2006

CIAC - Q-154

SECTRACK - 1015812

MISC - http://secunia.com/secunia_research/2006-7/advisory/

SECUNIA - 18680

FULLDISC - 20060327 Determina Fix for the IE createTextRange() bug

FULLDISC - 20060322 FW: [Full-disclosure] IE crash


Last Updated: 27 May 2016 10:42:02