cvelistv5 - cve-2006-5579

CVE-2006-5579 (GCVE-0-2006-5579)

Vulnerability from cvelistv5

Published

2006-12-12 20:00

Modified

2024-08-07 19:55

Severity ?

CWE

Summary

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."

References

URL

Tags

	http://secunia.com/secunia_research/2006-58/advisory/	x_refsource_MISC
	http://www.vupen.com/english/advisories/2006/4966	vdb-entry, x_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/599832	third-party-advisory, x_refsource_CERT-VN
	http://www.us-cert.gov/cas/techalerts/TA06-346A.html	third-party-advisory, x_refsource_CERT
	http://www.osvdb.org/30813	vdb-entry, x_refsource_OSVDB
	http://www.securityfocus.com/archive/1/454969/100/200/threaded	vendor-advisory, x_refsource_HP
	http://www.securityfocus.com/archive/1/454969/100/200/threaded	vendor-advisory, x_refsource_HP
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072	vendor-advisory, x_refsource_MS
	http://www.securityfocus.com/archive/1/454205/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/21552	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A761	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/20807	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1017373	vdb-entry, x_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2006-58/advisory/"
          },
          {
            "name": "ADV-2006-4966",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4966"
          },
          {
            "name": "VU#599832",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/599832"
          },
          {
            "name": "TA06-346A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
          },
          {
            "name": "30813",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30813"
          },
          {
            "name": "SSRT061288",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
          },
          {
            "name": "HPSBST02180",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
          },
          {
            "name": "MS06-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
          },
          {
            "name": "20061212 Secunia Research: Internet Explorer Script Error Handling MemoryCorruption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/454205/100/0/threaded"
          },
          {
            "name": "21552",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/21552"
          },
          {
            "name": "oval:org.mitre.oval:def:761",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A761"
          },
          {
            "name": "20807",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20807"
          },
          {
            "name": "1017373",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017373"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-12-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka \"Script Error Handling Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2006-58/advisory/"
        },
        {
          "name": "ADV-2006-4966",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4966"
        },
        {
          "name": "VU#599832",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/599832"
        },
        {
          "name": "TA06-346A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
        },
        {
          "name": "30813",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30813"
        },
        {
          "name": "SSRT061288",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
        },
        {
          "name": "HPSBST02180",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
        },
        {
          "name": "MS06-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
        },
        {
          "name": "20061212 Secunia Research: Internet Explorer Script Error Handling MemoryCorruption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/454205/100/0/threaded"
        },
        {
          "name": "21552",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/21552"
        },
        {
          "name": "oval:org.mitre.oval:def:761",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A761"
        },
        {
          "name": "20807",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20807"
        },
        {
          "name": "1017373",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017373"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-5579",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka \"Script Error Handling Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://secunia.com/secunia_research/2006-58/advisory/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2006-58/advisory/"
            },
            {
              "name": "ADV-2006-4966",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4966"
            },
            {
              "name": "VU#599832",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/599832"
            },
            {
              "name": "TA06-346A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
            },
            {
              "name": "30813",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/30813"
            },
            {
              "name": "SSRT061288",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
            },
            {
              "name": "HPSBST02180",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
            },
            {
              "name": "MS06-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072"
            },
            {
              "name": "20061212 Secunia Research: Internet Explorer Script Error Handling MemoryCorruption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/454205/100/0/threaded"
            },
            {
              "name": "21552",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/21552"
            },
            {
              "name": "oval:org.mitre.oval:def:761",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A761"
            },
            {
              "name": "20807",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20807"
            },
            {
              "name": "1017373",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017373"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-5579",
    "datePublished": "2006-12-12T20:00:00.000Z",
    "dateReserved": "2006-10-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T19:55:53.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-545

Vulnerability from certfr_avis

De multiples vulnérabilités présentes dans Microsoft Internet Explorer permettent l'exécution de code arbitraire à distance ou le contournement de la politique de sécurité.

Description

La première vulnérabilité exploite une mauvaise gestion de la libération de la mémoire dans certaines situations. Une personne malintentionnée peut utiliser cette vulnérabilité afin d'exécuter du code arbitraire à distance par le biais d'une page Web spécialement conçue.

La seconde vulnérabilité réside dans une mauvaise gestion des appels des fonctions des scripts au format DHTML. Un utilisateur malveillant peut exploiter cette vulnérabilité afin d'exécuter du code arbitraire à distance par le biais d'une page Web spécialement conçue.

La troisième vulnérabilité consiste en une mauvaise gestion des opérations Glisser-Déplacer (Drag and Drop) dans certaines conditions. Un utilisateur malveillant exploitant cette vulnérabilité pourrait accéder à certains fichiers présents sur l'ordinateur de sa victime.

La quatrième vulnérabilité permet de divulguer le contenu mis en cache dans le dossier Temporay Internet Files. Une personne malveillante exploitant cette vulnérabilité pourrait accéder à certains fichiers présents sur l'ordinateur de sa victime par le biais d'une page Web spécialement conçue. L'exploitation de cette vulnérabilité nécessite une action de l'utilisateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	Microsoft Internet Explorer 5.01 ;
	Microsoft	N/A	Microsoft Internet Explorer 6.

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted