CVE-2006-7065

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html	Exploit
http://www.securityfocus.com/bid/19364	Exploit Vendor Advisory
http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html	Exploit
http://www.securityfocus.com/bid/19364	Exploit Vendor Advisory
http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:ie:6::microsoft_windows_server_2003_sp1:::::
	cpe:2.3:a:microsoft:ie:6::windows_2000:::::
	cpe:2.3:a:microsoft:ie:6::windows_server_2003:::::
	cpe:2.3:a:microsoft:ie:6::windows_xp_professional_64bit:::::
	cpe:2.3:a:microsoft:ie:6:sp1:windows_98:::::*
	cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:::::*
	cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:::::*
	cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:::::*
	cpe:2.3:a:microsoft:ie:6:windows_2000_sp4::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems::::::
	cpe:2.3:a:microsoft:ie:6:windows_xp_sp2::::::
	cpe:2.3:a:microsoft:ie:6.0::windows_server:::::
	cpe:2.3:a:microsoft:ie:6.0::windows_server_2003:::::
	cpe:2.3:a:microsoft:ie:6.0::windowsxp:::::
	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:::::*
	cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:::::*
	cpe:2.3:a:microsoft:ie:6.0:sp2::::::
	cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:::::*
	cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2::::::
	cpe:2.3:a:microsoft:ie:7::windows_server_2003:::::
	cpe:2.3:a:microsoft:ie:7:windows_2000_sp4::::::
	cpe:2.3:a:microsoft:ie:7:windows_server_2003_sp1::::::
	cpe:2.3:a:microsoft:ie:7:windows_xp_sp2::::::
	cpe:2.3:a:microsoft:ie:7.0::vista:::::
	cpe:2.3:a:microsoft:ie:7.0:beta_2::::::
	cpe:2.3:a:microsoft:ie:7.0:windows_xp_sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2600:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2800:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2900:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta::::::
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta1::::::
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta2::::::
	cpe:2.3:a:microsoft:internet_explorer:7.0:beta3::::::
	cpe:2.3:h:canon:network_camera_server_vb101::::::::

History

21 Nov 2024, 00:24

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html - Exploit~~	() http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html - Exploit
References	~~() http://www.securityfocus.com/bid/19364 - Exploit, Vendor Advisory~~	() http://www.securityfocus.com/bid/19364 - Exploit, Vendor Advisory
References	~~() http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 -~~	() http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511 -

Information

Published : 2007-03-02 21:18

Updated : 2024-11-21 00:24

NVD link : CVE-2006-7065

Mitre link : CVE-2006-7065

CVE.ORG link : CVE-2006-7065

JSON object : View

Products Affected

microsoft

internet_explorer
ie

canon

network_camera_server_vb101

CWE

NVD-CWE-Other

5.0 /10