Vulnerability CVE-2006-6956 - CERT Civis.Net

Vulnerability Name:

CVE-2006-6956 (CCN-26898)

Assigned:

2006-05-30

Published:

2006-05-30

Updated:

2021-07-23

Summary:

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Tue May 30 2006 - 07:03:36 CDT
Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 08:59:24 CDT
Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 12:28:24 CDT
Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 13:29:54 CDT
Re: Re: Fire fox dos exploit

Source: CCN
Type: BugTraq Mailing List, Wed May 31 2006 - 15:14:41 CDT
Re: Fire fox dos exploit

Source: BUGTRAQ
Type: Exploit, Vendor Advisory
20060608 Ie opera dos exploit

Source: CCN
Type: BugTraq Mailing List, Thu Jun 08 2006 - 05:06:08 CDT
Ie opera dos exploit

Source: CCN
Type: BugTraq Mailing List, Thu Jun 22 2006 - 19:27:07 CDT
flock d0s exploit remote. beta 1 (v0.7)

Source: MITRE
Type: CNA
CVE-2006-2723

Source: MITRE
Type: CNA
CVE-2006-6954

Source: MITRE
Type: CNA
CVE-2006-6955

Source: MITRE
Type: CNA
CVE-2006-6956

Source: CCN
Type: Flock Web site
Flock - The web browser for you and your friends

Source: CCN
Type: OSVDB ID: 27208
Mozilla Firefox Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 58816
Flock Browser Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 58817
Microsoft IE Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 58818
Opera Nested marquee Tag Handling DoS

Source: CCN
Type: OSVDB ID: 64160
Opera Content Writing Uninitialized Memory Corruption

Source: CCN
Type: BID-18165
Multiple Browser Marquee Denial of Service Vulnerability

Source: CCN
Type: Mozilla Bugzilla Bug 239840
hang when many dl and marquee tags are used. exponential time increase depending on number of dl tags..

Source: XF
Type: UNKNOWN
firefox-marquee-dos(26898)

Source: XF
Type: UNKNOWN
firefox-marquee-dos(26898)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:internet_explorer:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

OR cpe:/a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

Denotes that component is vulnerable