Vulnerability CVE-2006-1388

Vulnerability Name:

CVE-2006-1388 (CCN-25394)

Assigned:

2006-03-22

Published:

2006-03-22

Updated:

2021-07-23

Summary:

Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: FULLDISC
Type: UNKNOWN
20060321 IE .hta vulnerability reported

Source: MITRE
Type: CNA
CVE-2006-1388

Source: CCN
Type: jeffrey.vanderstad.net
The grasshopper vulnerability

Source: MISC
Type: UNKNOWN
http://jeffrey.vanderstad.net/grasshopper/

Source: MISC
Type: UNKNOWN
http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed

Source: CCN
Type: SA19378
Internet Explorer Unspecified Automatic .HTA Application Execution

Source: SECUNIA
Type: UNKNOWN
19378

Source: CCN
Type: SECTRACK ID: 1015800
(Vendor Issues Fix) Microsoft Internet Explorer (IE) Lets Remote Users Cause HTA Files to Be Executed

Source: SECTRACK
Type: UNKNOWN
1015800

Source: CCN
Type: ASA-2006-079
Windows Security Updates for April 2006 - (MS06-013 - MS06-017)

Source: CCN
Type: US-CERT VU#434641
Microsoft Internet Explorer may automatically execute HTA files

Source: CERT-VN
Type: US Government Resource
VU#434641

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: OSVDB
Type: UNKNOWN
24095

Source: CCN
Type: OSVDB ID: 24095
Microsoft IE Arbitrary HTA File Execution

Source: BID
Type: UNKNOWN
17181

Source: CCN
Type: BID-17181
Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-101A

Source: VUPEN
Type: UNKNOWN
ADV-2006-1318

Source: CCN
Type: Internet Security Systems Protection Alert - April 11, 2006
Cumulative Security Update for Internet Explorer

Source: MS
Type: UNKNOWN
MS06-013

Source: XF
Type: UNKNOWN
ie-hta-file-execution(25394)

Source: XF
Type: UNKNOWN
ie-hta-file-execution(25394)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1591

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1642

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1676

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1724

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1774

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_xp:::professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~standard~~~:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:::media_center:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1774	V	IE5 HTA Execution Vulnerability (Win2K)	2014-02-24
oval:org.mitre.oval:def:1642	V	IE6 HTA Execution Vulnerability (Win2K/XP,SP1)	2014-02-24
oval:org.mitre.oval:def:1591	V	IE6 HTA Execution Vulnerability (WinXP)	2011-05-16
oval:org.mitre.oval:def:1676	V	IE6 HTA Execution Vulnerability (Server 2003,SP1)	2011-05-16
oval:org.mitre.oval:def:1724	V	IE6 HTA Execution Vulnerability (Server 2003)	2011-05-16

BACK