13 matches found
Microsoft Internet Explorer Cross Domain Information Disclosure (MS06-042; CVE-2006-3280)
Microsoft Internet Explorer (IE) is the most widely used web browser application. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. Internet Explorer has numerous built-in mechanisms that enforce security policies which are...
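Microsoft IE FTP URI Handling Arbitrary FTP Command Execution Vulnerability (MS06-042)
Microsoft Internet Explorer is a very popular web browser released by Microsoft. A vulnerability exists in the way Microsoft Internet Explorer handles URI parameter strings; a remote attacker could exploit it to execute malicious commands on an FTP server the user visits. Internet Explorer allows users to enter ftp://ftpuser:ftppass@server/directory in the address bar to log in to and access an FTP server. If an attacker places a URL-encoded newline (%0a) before an FTP command, commands can be injected into the FTP session through an ftp:// URL. However, the attacker can only perform operations that the user is permitted to perform on the FTP server. Microsoft...
Microsoft Internet Explorer OuterHTML Redirection Information Disclosure Vulnerability (MS06-042)
Internet Explorer is a very popular web browser released by Microsoft. A cross-domain vulnerability exists in Microsoft Internet Explorer. An attacker can create a specially crafted object tag whose data parameter references a link on the attacker's site, and that site sets the Location HTTP header to the target site, so that sensitive information can be read through the object's outerHTML property. Microsoft Internet Explorer 6.0 Microsoft has released a security bulletin (MS06-042) and a corresponding patch for this issue: MS06-042:Cumulative Security Update for Internet Explorer...
Microsoft IE Multiple CSS Imports Memory Corruption Vulnerability (MS06-042)
Microsoft Internet Explorer is a very popular web browser released by Microsoft. Microsoft Internet Explorer has a problem handling imports in style sheets; a remote attacker could exploit this vulnerability to execute arbitrary code on the user's machine. If multiple imports are used for a style sheet collection, incorrect garbage collection can occur. An attacker can create a series of CSS imports in an HTML document; if the user opens the document in IE, memory corruption and code execution result. Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft...
Microsoft IE Compressed Content URL Heap Overflow Vulnerability (MS06-042)
Internet Explorer is a very popular web browser released by Microsoft. A heap overflow in URL handling appeared in a newly released IE patch; a remote attacker could exploit this vulnerability to execute arbitrary code on the user's machine. Because lstrcpynA is not used correctly, a heap overflow exists in URLMON.DLL with the MS06-042 patch applied. CMimeFt::Create allocates a 390h-byte heap block for a new instance of the CMimeFt class, with a 104h (MAXPATH) byte ASCII character buffer at offset +160h: 1A4267F8 push 390h ; cb 1A4267FD call ??2@YAPAXI@Z ; operator newuint...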
PT-2006-4725 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer 6 SP1 versions prior to MS06-042 patch 20060912 Description: A remote code execution issue exists in the way Internet Explorer handles long URLs in websites using HTTP 1.1 protocol and compression. This could allow...
NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability
NSFOCUS Security Advisory SA2006-08 Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability Release Date: 2006-08-25 CVE ID: CVE-2006-3869 http://www.nsfocus.com/english/homepage/research/0608.htm Affected systems & software =================== Internet Explorer 6 SP1 with MS06-042 -...
[Full-disclosure] EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability
Internet Explorer Compressed Content URL Heap Overflow Vulnerability Release Date: August 24, 2006 Date Reported: August 17, 2006 Severity: High Code Execution Systems Affected: Internet Explorer 6 SP1 with MS06-042 - Windows 2000 Internet Explorer 6 SP1 with MS06-042 - Windows XP SP1 Overview:...
CVE-2006-3869
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions of the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compressi...
Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit
Microsoft Security Advisory 923762: Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit Published: August 22, 2006 On August 15, 2006 Microsoft announced that it would be re-releasing MS06-042...
EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable
MS06-042 Related Internet Explorer 'Crash' is Exploitable Date: August 22, 2006 Severity: High Systems Affected: Windows 2000 with IE6 SP1 and MS06-042 hotfix installed Windows XP SP1 with IE6 SP1 and MS06-042 hotfix installed Overview: On August 8th Microsoft released MS06-042 which was a...
Microsoft Internet Explorer long URL buffer overflow
Overview Microsoft Internet Explorer is vulnerable to a buffer overflow when processing a long URL on a web site that uses HTTP 1.1 compression. This could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 6 Service...
Microsoft Internet Explorer Source Element Cross-Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to...