First published: Thu Jul 27 2006
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Internet Explorer | =6.0 | |
Internet Explorer | =6.0-sp1 | |
Internet Explorer | =6.0-sp2 | |
Microsoft Windows XP | =sp2 | |
CVE-2006-3899 has been classified as a denial of service vulnerability.
CVE-2006-3899 is a flaw in the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object; triggering it leads to an application crash.
CVE-2006-3899 affects Internet Explorer 6.0, including its SP1 and SP2 versions.
CVE-2006-3899 impacts Microsoft Windows XP SP2 when using the affected versions of Internet Explorer.
There is no specific workaround for CVE-2006-3899; updating the affected software is the recommended approach.