CVE-2006-3357
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
High
0.97 High
EPSS
Percentile
99.8%
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:internet_explorer | microsoft internet explorer | eq | 6.0 |
References
browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html
secunia.com/advisories/20906
securitytracker.com/id?1016434
www.kb.cert.org/vuls/id/159220
www.osvdb.org/26835
www.securityfocus.com/archive/1/442733/100/0/threaded
www.securityfocus.com/bid/18769
www.tippingpoint.com/security/advisories/TSRT-06-08.html
www.us-cert.gov/cas/techalerts/TA06-220A.html
www.vupen.com/english/advisories/2006/2634
www.vupen.com/english/advisories/2006/2635
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-046
exchange.xforce.ibmcloud.com/vulnerabilities/27573
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.8 High
AI Score
Confidence
High
0.97 High
EPSS
Percentile
99.8%