Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3357

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3357
Last Modified 07 Mar 2011 09:38:25
Published 06 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3357

Summary

Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.

Vulnerable Systems

Application

  • Microsoft Ie 6.0


References

CERT - TA06-220A

CERT-VN - VU#159220

VUPEN - ADV-2006-2635

VUPEN - ADV-2006-2634

BID - 18769

OSVDB - 26835

SECUNIA - 20906

MISC - http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html

XF - ie-hhctrl-bo(27573)

MISC - http://www.tippingpoint.com/security/advisories/TSRT-06-08.html

BUGTRAQ - 20060808 TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability

MS - MS06-046

SECTRACK - 1016434


Last Updated: 27 May 2016 10:42:58