Details of VAR-200703-0270

ID

VAR-200703-0270

CVE

CVE-2006-7065

TITLE

Microsoft Internet Explorer 6 and 7 Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2007-003110

DESCRIPTION

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference. Microsoft Internet Explorer is prone to a denial-of-service vulnerability when handling malicious HTML files. Successfully exploiting this issue allows attackers to consume excessive CPU resources in the affected browser and eventually cause Internet Explorer to crash, causing a denial-of-service

Trust: 1.98

sources: NVD: CVE-2006-7065 // JVNDB: JVNDB-2007-003110 // BID: 19364 // VULHUB: VHN-23173

AFFECTED PRODUCTS

vendor:	canon	model:	network camera server vb101	scope:	-	version:	-	Trust: 1.4
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0	Trust: 1.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2900.2180	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	7.0	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2800.1106	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	6	Trust: 1.0
vendor:	canon	model:	network camera server vb101	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2900	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	7.0	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2800	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	7	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2600	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0 and 7.0	Trust: 0.8
vendor:	microsoft	model:	internet explorer beta3	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta2	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer beta1	scope:	eq	version:	7.0	Trust: 0.3
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 19364 // JVNDB: JVNDB-2007-003110 // CNNVD: CNNVD-200703-042 // NVD: CVE-2006-7065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-7065
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-7065
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200703-042
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-23173
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-7065
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23173
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-23173 // JVNDB: JVNDB-2007-003110 // CNNVD: CNNVD-200703-042 // NVD: CVE-2006-7065

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-7065

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-042

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200703-042

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003110

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-23173

PATCH

title:	Top Page	url:	http://canon.jp/	Trust: 0.8
title:	Internet Explorer	url:	http://windows.microsoft.com/en-US/internet-explorer/downloads/ie	Trust: 0.8
title:	Microsoft Internet Explorer Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157784	Trust: 0.6

sources: JVNDB: JVNDB-2007-003110 // CNNVD: CNNVD-200703-042

EXTERNAL IDS

db:	NVD	id:	CVE-2006-7065	Trust: 2.8
db:	BID	id:	19364	Trust: 2.0
db:	JVNDB	id:	JVNDB-2007-003110	Trust: 0.8
db:	CNNVD	id:	CNNVD-200703-042	Trust: 0.7
db:	EXPLOIT-DB	id:	28343	Trust: 0.1
db:	SEEBUG	id:	SSVID-81914	Trust: 0.1
db:	VULHUB	id:	VHN-23173	Trust: 0.1

sources: VULHUB: VHN-23173 // BID: 19364 // JVNDB: JVNDB-2007-003110 // CNNVD: CNNVD-200703-042 // NVD: CVE-2006-7065

REFERENCES

url:	http://www.securityfocus.com/bid/19364	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0163.html	Trust: 1.7
url:	http://www3.ca.com/be/securityadvisor/vulninfo/vuln.aspx?id=34511	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-7065	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-7065	Trust: 0.8
url:	http://www.microsoft.com/windows/ie/default.mspx	Trust: 0.3

sources: VULHUB: VHN-23173 // BID: 19364 // JVNDB: JVNDB-2007-003110 // CNNVD: CNNVD-200703-042 // NVD: CVE-2006-7065

CREDITS

Thomas Pollet is credited with the discovery of this issue.

Trust: 0.9

sources: BID: 19364 // CNNVD: CNNVD-200703-042

SOURCES

db:	VULHUB	id:	VHN-23173
db:	BID	id:	19364
db:	JVNDB	id:	JVNDB-2007-003110
db:	CNNVD	id:	CNNVD-200703-042
db:	NVD	id:	CVE-2006-7065

LAST UPDATE DATE

2024-08-14T14:15:30.531000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-23173	date:	2008-09-05T00:00:00
db:	BID	id:	19364	date:	2016-07-06T14:40:00
db:	JVNDB	id:	JVNDB-2007-003110	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200703-042	date:	2021-07-27T00:00:00
db:	NVD	id:	CVE-2006-7065	date:	2021-07-23T15:06:35.703

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-23173	date:	2007-03-02T00:00:00
db:	BID	id:	19364	date:	2006-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2007-003110	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200703-042	date:	2007-03-02T00:00:00
db:	NVD	id:	CVE-2006-7065	date:	2007-03-02T21:18:00