CVE - CVE-2006-2382

CVE-ID
CVE-2006-2382	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18309 URL:http://www.securityfocus.com/bid/18309 BUGTRAQ:20060613 ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability URL:http://www.securityfocus.com/archive/1/436985/100/0/threaded CERT:TA06-164A URL:http://www.us-cert.gov/cas/techalerts/TA06-164A.html CERT-VN:VU#136849 URL:http://www.kb.cert.org/vuls/id/136849 MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-017.html MS:MS06-021 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 OSVDB:26443 URL:~~http://www.osvdb.org/26443~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:1414 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1414 OVAL:oval:org.mitre.oval:def:1621 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1621 OVAL:oval:org.mitre.oval:def:1752 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1752 OVAL:oval:org.mitre.oval:def:1862 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1862 OVAL:oval:org.mitre.oval:def:1906 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1906 OVAL:oval:org.mitre.oval:def:1931 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1931 SECTRACK:1016291 URL:http://securitytracker.com/id?1016291 SECUNIA:20595 URL:http://secunia.com/advisories/20595 VUPEN:ADV-2006-2319 URL:~~http://www.vupen.com/english/advisories/2006/2319~~ (Obsolete source) XF:ie-utf8-html-execute-code(26766) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26766
Assigning CNA
Microsoft Corporation
Date Record Created
20060515	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060515)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)