{ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2006-3869", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "n/a", "version" : { "version_data" : [ { "version_value" : "n/a" } ] } } ] }, "vendor_name" : "n/a" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "n/a" } ] } ] }, "references" : { "reference_data" : [ { "name" : "20060822 EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/444046/100/0/threaded" }, { "name" : "20060824 EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/444241/100/0/threaded" }, { "name" : "20060825 NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability", "refsource" : "BUGTRAQ", "url" : "http://www.securityfocus.com/archive/1/444319/100/0/threaded" }, { "name" : "http://www.nsfocus.com/english/homepage/research/0608.htm", "refsource" : "MISC", "url" : "http://www.nsfocus.com/english/homepage/research/0608.htm" }, { "name" : "http://support.microsoft.com/kb/923762/", "refsource" : "CONFIRM", "url" : "http://support.microsoft.com/kb/923762/" }, { "name" : "http://www.microsoft.com/technet/security/advisory/923762.mspx", "refsource" : "CONFIRM", "url" : "http://www.microsoft.com/technet/security/advisory/923762.mspx" }, { "name" : "VU#821156", "refsource" : "CERT-VN", "url" : "http://www.kb.cert.org/vuls/id/821156" }, { "name" : "19667", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/19667" }, { "name" : "ADV-2006-3356", "refsource" : "VUPEN", "url" : "http://www.vupen.com/english/advisories/2006/3356" }, { "name" : "28132", "refsource" : "OSVDB", "url" : "http://www.osvdb.org/28132" }, { "name" : "1016731", "refsource" : "SECTRACK", "url" : "http://securitytracker.com/id?1016731" }, { "name" : "21557", "refsource" : "SECUNIA", "url" : "http://secunia.com/advisories/21557" }, { "name" : "1441", "refsource" : "SREASON", "url" : "http://securityreason.com/securityalert/1441" }, { "name" : "ie-long-url-bo(28522)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28522" }, { "name" : "ie-url-compression-bo(28893)", "refsource" : "XF", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/28893" } ] } }