CVE-2006-3869Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
72.4%
top 1.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft IE
Timeline
PublishedAug 23
Latest updateMay 1

Description

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/ie6.0

Patches

Patch: support.microsoft.comPatch: www.kb.cert.orgPatch: www.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-wvv3-wwf7-9f6m: Heap-based buffer overflow in URLMON2022-05-01
CVEList
CVE-2006-3869: Heap-based buffer overflow in URLMON2006-08-23
CVE-2006-3869 — Microsoft IE vulnerability | cvebase