CVE-2006-3873 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

3 documents3 sources

Severity

7.5HIGHNVD

EPSS

46.2%

top 2.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Windows 2003 Server

Timeline

PublishedSep 12

Latest updateMay 1

Description

Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server4 versions+3

▶NVDmicrosoft/ie6.0

Patches

Patch: weblog.infoworld.com ↗Patch: weblog.infoworld.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2jw-xr8p-fh9v: Heap-based buffer overflow in URLMON↗2022-05-01

▶

CVEList

CVE-2006-3873: Heap-based buffer overflow in URLMON↗2006-09-12

▶