CVE-2006-3357: Buffer Overflow
First published: Thu Jul 06 2006(Updated: )
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html
- http://www.securityfocus.com/bid/18769
- http://www.osvdb.org/26835
- http://secunia.com/advisories/20906
- http://www.kb.cert.org/vuls/id/159220
- http://securitytracker.com/id?1016434
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- http://www.tippingpoint.com/security/advisories/TSRT-06-08.html
- http://www.vupen.com/english/advisories/2006/2634
- http://www.vupen.com/english/advisories/2006/2635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27573
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-046
- http://www.securityfocus.com/archive/1/442733/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3357?
CVE-2006-3357 is rated as critical due to its potential for remote code execution and denial of service.
How do I fix CVE-2006-3357?
To fix CVE-2006-3357, users should update to a newer version of Internet Explorer that is not affected by this vulnerability.
What are the potential impacts of CVE-2006-3357?
The potential impacts of CVE-2006-3357 include application crashes and the ability for attackers to execute arbitrary code.
Is CVE-2006-3357 specific to a particular version of Internet Explorer?
Yes, CVE-2006-3357 specifically affects Microsoft Internet Explorer 6.0.
Can CVE-2006-3357 be exploited remotely?
Yes, CVE-2006-3357 can be exploited remotely by attackers using crafted inputs to the HTML Help ActiveX control.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/microsoft
- product/internet explorer
- canonical/microsoft internet explorer
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/internet explorer
- version/internet explorer/6.0