CVE-2006-3227
First published: Mon Jun 26 2006(Updated: )
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =6.0.2900 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/438051/100/0/threaded
- http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2
- http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/
- http://www.osvdb.org/28376
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27288
- http://www.securityfocus.com/archive/1/438359/100/0/threaded
- http://www.securityfocus.com/archive/1/438358/100/0/threaded
- http://www.securityfocus.com/archive/1/438163/100/0/threaded
- http://www.securityfocus.com/archive/1/438154/100/0/threaded
- http://www.securityfocus.com/archive/1/438066/100/0/threaded
- http://www.securityfocus.com/archive/1/438049/100/0/threaded
- http://www.securityfocus.com/archive/1/437948/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3227?
CVE-2006-3227 is considered to have a moderate severity due to its potential to allow visual modifications of web pages.
How can CVE-2006-3227 be mitigated?
Mitigation for CVE-2006-3227 includes updating to the latest version of Internet Explorer or using a different web browser.
What types of attacks can CVE-2006-3227 enable?
CVE-2006-3227 can enable remote attacks that modify web page presentations and possibly bypass content filters.
Which software versions are affected by CVE-2006-3227?
CVE-2006-3227 affects Internet Explorer version 6.0.2900.
What is the primary issue described in CVE-2006-3227?
The primary issue in CVE-2006-3227 is an interpretation conflict involving ASCII characters with the 8th bit set.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- product/internet explorer
- canonical/microsoft internet explorer
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/internet explorer
- version/internet explorer/6.0.2900