CVE-2006-1245

Microsoft Internet Explorer 6.0.2900.2180 - Buffer Overflow

Title source: llm

Description

Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Michal Zalewski · textdoswindows

https://www.exploit-db.com/exploits/27433

View Code ZIP pw:eip

exploitdb WORKING POC

htmldoswindows

https://www.exploit-db.com/exploits/1838

View Code ZIP pw:eip

References (19)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2006-02/0855.html

[Patch, Vendor Advisory] http://secunia.com/advisories/18957

[Patch, Vendor Advisory] http://secunia.com/advisories/19269

[Patch] http://securitytracker.com/id?1015794

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/984473

[Exploit] http://www.osvdb.org/23964

[Exploit, Patch] http://www.securityfocus.com/bid/17131

[Third Party Advisory, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-101A.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25292

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/428810/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/453436/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/453554/100/0/threaded

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1451

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1569

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1599

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1632

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1766

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1318

Scores

EPSS 0.6967

EPSS Percentile 98.7%

Details

Status published

Products (1)

microsoft/ie 6.0 sp2

Published Mar 17, 2006

Tracked Since Feb 18, 2026