Release DateMar 11, 2010 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a buffer overflow vulnerability in Microsoft Internet Explorer.The vulnerability is caused by an error when mshtml.dll is handling a malicious HTML including a large number of script action handlers. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
Affected ProductsMicrosoft Internet Explorer 5.0.1 SP4Microsoft Internet Explorer 5.0.1 SP3 Microsoft Internet Explorer 5.0.1 SP2 Microsoft Internet Explorer 5.0.1 SP1 Microsoft Internet Explorer 5.0.1 for Windows NT 4.0 Microsoft Internet Explorer 5.0.1 for Windows 98 Microsoft Internet Explorer 5.0.1 for Windows 95 Microsoft Internet Explorer 5.0.1 for Windows 2000 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 7.0 beta2 Microsoft Internet Explorer 7.0 beta1 Microsoft Internet Explorer 6.0 SP2 - do not use Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 |
Recommended ActionsRefer to the vendor's web site for suggested workaround.http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-1245 |
Reference/shttp://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx (MS-ID)http://www.securityfocus.com/bid/17131 (BugTraq) |
