CVE-2006-3869 - Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP

CVE-2006-3869

Summary

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19667
bugtraq	20060822 EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable 20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability 20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability
cert-vn	VU#821156
confirm	http://support.microsoft.com/kb/923762/ http://www.microsoft.com/technet/security/advisory/923762.mspx
misc	http://www.nsfocus.com/english/homepage/research/0608.htm
osvdb	28132
sectrack	1016731
secunia	21557
sreason	1441
vupen	ADV-2006-3356
xf	ie-long-url-bo(28522) ie-url-compression-bo(28893)

Last major update

17-10-2018 - 21:32

Published

23-08-2006 - 01:04

Last modified

17-10-2018 - 21:32