2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.957 High
EPSS
Percentile
99.4%
Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
MHTML
According to Microsoft Security Bulletin MS06-043:
_MHTML extends HTML to embed encoded objects, such as images, in the HTML document. Although it is actually the HTML rendering extension that renders MHTML, this functionality may also be referred to as the MHTML rendering extension. _
The Problem
Microsoft Windows fails to properly handle MHTML. This vulnerability can be triggered by viewing a specially crafted MHTML document.
For more information refer to Microsoft Security Bulletin MS06-043.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
Apply an update
This vulnerability is addressed in Microsoft Security Bulletin MS06-043.
Workarounds to mitigate this vulnerability until a patch can be applied are available in Microsoft Security Bulletin MS06-043.
891204
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 08, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to <http://www.microsoft.com/technet/security/bulletin/ms06-043.mspx>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23891204 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.microsoft.com/technet/security/bulletin/ms06-043.mspx>
This vulnerability was reported in Microsoft Security Bulletin MS06-043.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2006-2766 |
---|---|
Severity Metric: | 14.18 Date Public: |