| Vulnerability Name: | CVE-2006-3357 (CCN-27573) | ||||||||
| Assigned: | 2006-07-02 | ||||||||
| Published: | 2006-07-02 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Browser Fun Blog Sunday, July 02, 2006 MoBB #2: Internet.HHCtrl Image Property Source: MISC Type: UNKNOWN http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html Source: MITRE Type: CNA CVE-2006-3357 Source: CCN Type: SA20906 Windows HTML Help ActiveX Control Memory Corruption Source: SECUNIA Type: Vendor Advisory 20906 Source: CCN Type: SECTRACK ID: 1016434 Microsoft HTML Help Heap Overflow in HHCtrl ActiveX Control May Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016434 Source: CCN Type: ASA-2006-154 Windows Security Updates for August 2006 - (MS06-040 - MS06-051) Source: CCN Type: US-CERT VU#159220 Microsoft Internet Explorer vulnerable to heap overflow via the HTML Help Control "Image" property Source: CERT-VN Type: US Government Resource VU#159220 Source: CCN Type: Microsoft Security Bulletin MS06-046 Vulnerability in HTML Help Could Allow Remote Code Execution (922616) Source: CCN Type: Microsoft Security Bulletin MS07-008 Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843) Source: OSVDB Type: UNKNOWN 26835 Source: CCN Type: OSVDB ID: 26835 Microsoft IE HTML Help COM Object Image Property Heap Overflow Source: BUGTRAQ Type: UNKNOWN 20060808 TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability Source: BID Type: Exploit 18769 Source: CCN Type: BID-18769 Microsoft Windows HTML Help HHCtrl ActiveX Control Memory Corruption Vulnerability Source: CCN Type: TSRT-06-08 Microsoft Internet Help COM Object Memory Corruption Vulnerability Source: MISC Type: UNKNOWN http://www.tippingpoint.com/security/advisories/TSRT-06-08.html Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-220A Microsoft Windows, Office, and Internet Explorer Vulnerabilities Source: CERT Type: US Government Resource TA06-220A Source: VUPEN Type: UNKNOWN ADV-2006-2634 Source: VUPEN Type: UNKNOWN ADV-2006-2635 Source: MS Type: UNKNOWN MS06-046 Source: XF Type: UNKNOWN ie-hhctrl-bo(27573) Source: XF Type: UNKNOWN ie-hhctrl-bo(27573) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:13 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||