CVE-2006-1245 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-1245
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-1245

Description: Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/25292 ST 1015794 SAID Secunia Advisory: SA19269 Secunia Advisory: SA18957 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1599 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1569 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1451 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1632 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1766 OSVDB 23964 MS http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx CERT-VN 984473 CERT http://www.us-cert.gov/cas/techalerts/TA06-101A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/453554/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/453436/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/428810/100/0/threaded http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html BID 17131

Return to the previous page.