Vulnerability Name:

CVE-2006-7065 (CCN-31814)

Assigned:2006-01-08
Published:2006-01-08
Updated:2021-07-23
Summary:Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: CCN
Type: BugTraq Mailing List, Thu Jun 08 2006 - 14:00:49 CDT
Internet Explorer vulnerbility

Source: FULLDISC
Type: Exploit
20060806 bugs

Source: MITRE
Type: CNA
CVE-2006-3200

Source: MITRE
Type: CNA
CVE-2006-7065

Source: CCN
Type: Microsoft Corporation Web site
Internet Explorer 7: Home

Source: CCN
Type: OSVDB ID: 31330
Microsoft IE File:// URI src Tag IFrame DoS

Source: CCN
Type: OSVDB ID: 45259
Microsoft IE mshtml.dll Malformed IFRAME XML File / XSL Stylesheet Handling DoS

Source: BID
Type: Exploit, Vendor Advisory
19364

Source: CCN
Type: BID-19364
Microsoft Internet Explorer IFrame Refresh Denial of Service Vulnerability

Source: MISC
Type: UNKNOWN
http://www3.ca.com/be/securityadvisor/vulninfo/Vuln.aspx?ID=34511

Source: XF
Type: UNKNOWN
ie-iframefile-dos(31814)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:*:windows_2000:*:*:*:*:*
  • OR cpe:/h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7.0:beta_2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7.0:windows_xp_sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7:*:windows_server_2003:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7.0:*:vista:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7:windows_server_2003_sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7:windows_xp_sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:7:windows_2000_sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 6.0 sp1
    microsoft ie 6.0 sp1
    microsoft ie 6 windows_2000_sp4
    microsoft ie 6 windows_server_2003_sp1
    microsoft ie 6 windows_server_2003_sp1_itanium
    microsoft ie 6 windows_server_2003_sp1_itanium_systems
    microsoft ie 6 windows_xp_sp2
    microsoft internet explorer 6.0
    microsoft internet explorer 6.0.2600
    microsoft ie 6
    canon network camera server vb101 *
    microsoft ie 6.0
    microsoft internet explorer 6 sp1
    microsoft ie 6
    microsoft ie 6.0 sp2
    microsoft ie 7.0 beta_2
    microsoft ie 6 sp1
    microsoft ie 7.0 windows_xp_sp2
    microsoft ie 6
    microsoft ie 7
    microsoft ie 6.0
    microsoft ie 7.0
    microsoft ie 7 windows_server_2003_sp1
    microsoft ie 6 sp1
    microsoft ie 6
    microsoft internet explorer 6.0.2800
    microsoft internet explorer 6.0.2800.1106
    microsoft internet explorer 6.0.2900
    microsoft internet explorer 6.0.2900.2180
    microsoft internet explorer 7.0 beta2
    microsoft internet explorer 7.0 beta3
    microsoft ie 7 windows_xp_sp2
    microsoft ie 6.0 windows_xp_sp2
    microsoft ie 6 sp1
    microsoft ie 7 windows_2000_sp4
    microsoft ie 6.0 sp2
    microsoft ie 6 sp1
    microsoft internet explorer 7.0 beta
    microsoft internet explorer 7.0 beta1
    microsoft ie *