Sign-up

ID

VAR-200607-0093


CVE

CVE-2006-3354


TITLE

Microsoft Internet Explorer ADODB.Recordset Null pointer reference denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200607-017

DESCRIPTION

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference. Microsoft Internet Explorer is prone to a denial-of-service condition when processing the 'ADODB.Recordset Filter Property' COM object. A successful attack may cause the browser to fail due to a null-pointer dereference. Microsoft Internet Explorer is a very popular WEB browser released by Microsoft. When the properties of the ADODB.Recordset ActiveX object are assigned different values ​​three times, the null pointer reference problem will be triggered. If the user is tricked into accessing a malicious WEB page containing malformed ActiveX reference code, it will cause IE to deny service

Trust: 1.26

sources: NVD: CVE-2006-3354 // BID: 18773 // VULHUB: VHN-19462

AFFECTED PRODUCTS

vendor:microsoftmodel:iescope:eqversion:6

Trust: 1.6

vendor:microsoftmodel:iescope:eqversion:6.0

Trust: 1.6

vendor:microsoftmodel:internet explorerscope:eqversion:6.0

Trust: 1.3

vendor:microsoftmodel:internet explorerscope:eqversion:6.0.2900.2180

Trust: 1.0

vendor:microsoftmodel:internet explorerscope:eqversion:6.0.2800.1106

Trust: 1.0

vendor:canonmodel:network camera server vb101scope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:internet explorerscope:eqversion:6.0.2800

Trust: 1.0

vendor:microsoftmodel:internet explorerscope:eqversion:6

Trust: 1.0

vendor:microsoftmodel:internet explorerscope:eqversion:6.0.2600

Trust: 1.0

vendor:microsoftmodel:iescope:eqversion:6.0.2900.2180

Trust: 0.6

vendor:microsoftmodel:iescope:eqversion:6.0.2800

Trust: 0.6

vendor:microsoftmodel:iescope:eqversion:6.0.2600

Trust: 0.6

vendor:microsoftmodel:iescope:eqversion:6.0.2800.1106

Trust: 0.6

vendor:microsoftmodel:internet explorer sp1scope:eqversion:6.0

Trust: 0.3

sources: BID: 18773 // CNNVD: CNNVD-200607-017 // NVD: CVE-2006-3354

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3354
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200607-017
value: MEDIUM

Trust: 0.6

VULHUB: VHN-19462
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-3354
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-19462
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-19462 // CNNVD: CNNVD-200607-017 // NVD: CVE-2006-3354

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3354

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-017

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200607-017

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-19462

EXTERNAL IDS
db:BIDid:18773
Trust: 2.0
db:OSVDBid:26834
Trust: 1.7
db:NVDid:CVE-2006-3354
Trust: 1.7
db:CNNVDid:CNNVD-200607-017
Trust: 0.7
db:EXPLOIT-DBid:28145
Trust: 0.1
db:VULHUBid:VHN-19462
Trust: 0.1
sources:
            
            
            VULHUB: VHN-19462 // 
            
            
            
            BID: 18773 // 
            
            
            
            CNNVD: CNNVD-200607-017 // 
            
            
            
            NVD: CVE-2006-3354

REFERENCES
url:http://browserfun.blogspot.com/2006/07/mobb-1-adodbrecordset-filter-property.html
Trust: 2.0
url:http://www.securityfocus.com/bid/18773
Trust: 1.7
url:http://www.osvdb.org/26834
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27596
Trust: 1.7
url:http://www.microsoft.com/windows/ie/default.mspx
Trust: 0.3
sources:
            
            
            VULHUB: VHN-19462 // 
            
            
            
            BID: 18773 // 
            
            
            
            CNNVD: CNNVD-200607-017 // 
            
            
            
            NVD: CVE-2006-3354

CREDITS
H D Moore hdm@metasploit.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200607-017

SOURCES
db:VULHUBid:VHN-19462
db:BIDid:18773
db:CNNVDid:CNNVD-200607-017
db:NVDid:CVE-2006-3354

LAST UPDATE DATE
2024-08-14T14:59:12.657000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-19462date:2017-07-20T00:00:00
db:BIDid:18773date:2006-07-04T20:54:00
db:CNNVDid:CNNVD-200607-017date:2021-07-27T00:00:00
db:NVDid:CVE-2006-3354date:2021-07-23T15:04:41.580

SOURCES RELEASE DATE
db:VULHUBid:VHN-19462date:2006-07-06T00:00:00
db:BIDid:18773date:2006-07-03T00:00:00
db:CNNVDid:CNNVD-200607-017date:2006-07-05T00:00:00
db:NVDid:CVE-2006-3354date:2006-07-06T01:05:00