Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3510

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3510
Last Modified 07 Mar 2011 09:38:46
Published 11 Jul 2006 06:05:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3510

Summary

The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.

Vulnerable Systems

Application

  • Microsoft Ie 6.0


References

XF - ie-rdsdatacontrol-url-dos(27621)

VUPEN - ADV-2006-2718

BID - 18900

OSVDB - 26955

MISC - http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html


Last Updated: 27 May 2016 10:43:02