Microsoft Internet Explorer up to 6 HTML Tag Event denial of service
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $5k-$25k | 0.00 |
A vulnerability classified as critical was found in Microsoft Internet Explorer up to 6 (Web Browser). Affected by this vulnerability is an unknown part of the component HTML Tag Event Handler. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. The summary by CVE is:
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
The weakness was shared 03/20/2006 by Michal Zalewski as confirmed posting (Bugtraq). The advisory is shared at archives.neohapsis.com. This vulnerability is known as CVE-2006-1245 since 03/17/2006. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 03/12/2021). It is expected to see the exploit prices for this product decreasing in the near future.MITRE ATT&CK project uses the attack technique T1499 for this issue.
It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 21210 (MS06-013: Cumulative Security Update for Internet Explorer (912812)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100034 (Microsoft Internet Explorer Cumulative Security Update Missing (MS06-013)).
Applying a patch is able to eliminate this problem. The bugfix is ready for download at windowsupdate.microsoft.com. The problem might be mitigated by replacing the product with as an alternative. The best possible mitigation is suggested to be establishing an alternative product. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 4264.
The vulnerability is also documented in the databases at X-Force (25292) and Tenable (21210). The entries 2102, 2110, 2138 and 2146 are related to this item.
Product
Type
Vendor
Name
Version
License
Support
- end of life
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Nessus ID: 21210
Nessus Name: MS06-013: Cumulative Security Update for Internet Explorer (912812)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: AlternativeStatus: 🔍
Patch: windowsupdate.microsoft.com
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
PaloAlto IPS: 🔍
Fortigate IPS: 🔍
Timeline
03/16/2006 🔍03/16/2006 🔍
03/16/2006 🔍
03/17/2006 🔍
03/20/2006 🔍
03/20/2006 🔍
03/20/2006 🔍
03/26/2006 🔍
03/12/2021 🔍
Sources
Vendor: microsoft.comAdvisory: archives.neohapsis.com
Researcher: Michal Zalewski
Status: Confirmed
CVE: CVE-2006-1245 (🔍)
OVAL: 🔍
X-Force: 25292 - Microsoft Internet Exporer mshtml.dll buffer overflow, High Risk
SecurityTracker: 1015794 - (Vendor Issues Fix) Microsoft Internet Explorer 'mshtml.dll' Bug in Processing Multiple Action Handlers Lets Remote Users Deny Service
Vulnerability Center: 10807 - [MS06-013] Internet Explorer Buffer Overflow via mshtml.dll, Medium
SecurityFocus: 17131 - Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
Secunia: 19269 - Internet Explorer Multiple Event Handlers Memory Corruption Vulnerability, Highly Critical
OSVDB: 23964
Vupen: ADV-2006-1318
See also: 🔍
Entry
Created: 03/20/2006 17:33Updated: 03/12/2021 14:28
Changes: 03/20/2006 17:33 (57), 04/07/2017 12:01 (38), 03/12/2021 14:21 (3), 03/12/2021 14:28 (1)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.