Multiple vulnerabilities in Microsoft Internet Explorer



Published: 2006-03-23 | Updated: 2016-12-08
Risk Critical
Patch available YES
Number of vulnerabilities 9
CVE-ID CVE-2006-1192
CVE-2006-1190
CVE-2006-1189
CVE-2006-1188
CVE-2006-1186
CVE-2006-1185
CVE-2006-1388
CVE-2006-1245
CVE-2006-1359
CWE-ID CWE-200
CWE-285
CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Vulnerability #9 is being exploited in the wild.
Vulnerable software
Subscribe 		Microsoft Internet Explorer
Client/Desktop applications / Web browsers

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

This security advisory was updated to address vulnerabilities, described in MS06-013. Discovered vulnerabilities may allow an attacker to obtain potentially sensitive information, perform spoofing attack and compromise vulnerable system.

1) Address bar spoofing

EUVDB-ID: #VU1238

Risk: Low

CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1192

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote user to perform spoofing attack.

The vulnerability exists due to an error, which allows an attacker to spoof address bar and other parts of web page.

Successful exploitation of this vulnerability may allow an attacker to perform spoofing attack and obtain potentially sensitive information or execute other malicious actions against victim.

Mitigation

Install update from vendor's website:

  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 – Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 5 - 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Security restrictions bypass

EUVDB-ID: #VU1237

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1190

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to design error in the way Internet Explorer returns IOleClientSite information, when an embedded object is dynamically created. This issue allows a remote attacker to execute object in the wrong security context or security zone. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Memory corruption

EUVDB-ID: #VU1236

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1189

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling double-byte characters in specially crafted URLs. A remote attacker can create a specially crafted URL, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Memory corruption

EUVDB-ID: #VU1235

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1188

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling HTML elements with a specially crafted tag. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Memory corruption

EUVDB-ID: #VU1234

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1186

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when initiating mdt2gddr.dll,  mdt2dd.dll, and mdt2gddo.dll COM objects as ActiveX controls. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 – Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 5.01 - 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Memory corruption

EUVDB-ID: #VU1233

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1185

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing certain invalid HTML code. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 – Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 5.01 - 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Security restrictions bypass

EUVDB-ID: #VU1232

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1388

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure initiation of HTML Application (HTA). A remote attacker can create a specially crafted .hta file, trick the victim into opening it, bypass implemented into IE security controls and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 – Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 5.01 - 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Memory corruption

EUVDB-ID: #VU1231

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2006-1245

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in mshtml.dll library when processing HTML tag with large number of script action handlers such as onload and onmouseover. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Install update from vendor's website:

  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 – Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 5.01 - 6

External links

http://technet.microsoft.com/en-us/library/security/ms06-013.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Memory corruption

EUVDB-ID: #VU1230

Risk: Critical

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2006-1359

CWE-ID: CWE-119 - Memory corruption

Exploit availability: Yes

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in createTextRange() DHTML method when handling unexpected user input for radio button control. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

Mitigation

Install update from vendor's website:

  • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 – Download the update
  • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Service Pack 2 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems – Download the update
  • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition – Download the update
  • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition – Download the update

Vulnerable software versions

Microsoft Internet Explorer: 5.01 - 6

External links

http://technet.microsoft.com/library/security/917077
http://technet.microsoft.com/en-us/library/security/ms06-013.aspx
http://www.securityfocus.com/archive/1/archive/1/428600/100/0/threaded


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.



###SIDEBAR###