CVE-2006-3357
published 2006-07-06
Priority P3 · 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 35.27% (98.2th percentile)
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | httpd | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd: v2.0, 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_apache: 5.4 LOW
GHSA
GHSA-9862-cg6x-84h4: Heap-based buffer overflow in HTML Help ActiveX control (hhctrl
ghsa_unreviewed·2022-05-01
CVE-2006-3357 [HIGH] GHSA-9862-cg6x-84h4: Heap-based buffer overflow in HTML Help ActiveX control (hhctrl
Apache
Apache httpd: CVE-2005-3357
vendor_apache·CVSS 5.4
CVE-2005-3357 [LOW] Apache httpd: CVE-2005-3357
A NULL pointer dereference flaw in mod_ssl was discovered affecting server configurations where an SSL virtual host is configured with access control and a custom 400 error document. A remote attacker could send a carefully crafted request to trigger this issue which would lead to a crash. This crash would only be a denial of service if using the worker MPM.
Reported to security team: 2005-12-05
Issue public: 2005-12-12
Update 2.2.2 released: 2006-05-01
Update 2.0.58 released: 2006-05-01
Affects: 2.2.0, 2.0.55, 2.0.54, 2.0.53, 2.0.52, 2.0.51, 2.0.50, 2.0.49, 2.0.48, 2.0.47, 2.0.46, 2.0.45, 2.0.44, 2.0.43, 2.0.42, 2.0.40, 2.0.39, 2.0.37, 2.0.36, 2.0.35
No detection rules found.
No public exploits indexed.