Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
BID:21020
Info
| Bugtraq ID: | 21020 |
| Class: | Unknown |
| CVE: | CVE-2006-4687 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Nov 29 2006 10:34PM |
| Credit: | Discovery is credited to Sam Thomas. |
| Vulnerable: |
Nortel Networks Self-Service Speech Server 0
Nortel Networks Self-Service Peri NT Server 0
Nortel Networks Self-Service Peri IVR 0
Nortel Networks Self-Service Peri Application 0
Nortel Networks Self-Service MPS 500 0
Nortel Networks Self-Service MPS 1000 0
Nortel Networks Self-Service MPS 100 0
Nortel Networks Multimedia Comm MCS5200
Nortel Networks Multimedia Comm MCS5100
Nortel Networks Enterprise VoIP TM-CS1000
Nortel Networks Contact Center Manager Server 0
Nortel Networks Contact Center Express
Nortel Networks Contact Center Administration 0
Nortel Networks CallPilot 703t
Nortel Networks CallPilot 702t
Nortel Networks CallPilot 201i
Nortel Networks CallPilot 200i
Nortel Networks CallPilot 1002rp
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP2
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 0
Microsoft Windows Server 2003 Web Edition SP1 Beta 1
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition SP1 Beta 1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server Japanese Edition
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 5.0.1 SP4
HP Storage Management Appliance 2.1 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.
This vulnerability is related to how the browser renders HTML with certain layout combinations. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser.
This issue affects Internet Explorer on Windows 2000, Windows XP, and Windows Server 2003.
Exploit / POC
An attacker may exploit this issue by enticing a victim user into viewing a malicious webpage.
Solution / Fix
Solution:
Microsoft released a security bulletin and fixes to address this issue. Please see the references for more information.
Microsoft Windows Server 2003 Datacenter Edition SP1
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
- Microsoft WindowsServer2003-KB922760-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=E8E03176-F93B-4DE7-AC95-01F9B1C5409C&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
- Microsoft WindowsServer2003-KB922760-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=E8E03176-F93B-4DE7-AC95-01F9B1C5409C&displaylang=en
Microsoft Windows XP Tablet PC Edition SP2
- Microsoft WindowsXP-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=EA3CE61C-3A28-4777-9EEF-1486BB483C4F&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
- Microsoft WindowsServer2003-KB922760-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=E8E03176-F93B-4DE7-AC95-01F9B1C5409C&displaylang=en
Microsoft Windows Server 2003 Standard Edition SP1
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Internet Explorer 6.0 SP1
- Microsoft IE6.0sp1-KB922760-Windows2000-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=C65C8EE7-F78D-4D52-A20C-1F896E0DC0A8&displaylang=en
Microsoft Windows Server 2003 Standard Edition
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows Server 2003 Enterprise x64 Edition
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=ABE4FE3E-BDB6-44B1-B203-528C67980B8F&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
- Microsoft WindowsServer2003-KB922760-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=E8E03176-F93B-4DE7-AC95-01F9B1C5409C&displaylang=en
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows Server 2003 Datacenter x64 Edition
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=ABE4FE3E-BDB6-44B1-B203-528C67980B8F&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition SP1
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=C535A36F-705E-4663-9EE4-B82632A50F0A&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
- Microsoft WindowsServer2003-KB922760-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=E8E03176-F93B-4DE7-AC95-01F9B1C5409C&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows XP Home SP2
- Microsoft WindowsXP-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=EA3CE61C-3A28-4777-9EEF-1486BB483C4F&displaylang=en
Microsoft Windows Server 2003 Web Edition
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows Server 2003 Web Edition SP1
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=C535A36F-705E-4663-9EE4-B82632A50F0A&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=C535A36F-705E-4663-9EE4-B82632A50F0A&displaylang=en
Microsoft Windows XP 64-bit Edition
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=C535A36F-705E-4663-9EE4-B82632A50F0A&displaylang=en
Microsoft Windows XP Professional SP2
- Microsoft WindowsXP-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=EA3CE61C-3A28-4777-9EEF-1486BB483C4F&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
- Microsoft WindowsServer2003-KB922760-ia64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=E8E03176-F93B-4DE7-AC95-01F9B1C5409C&displaylang=en
- Microsoft WindowsServer2003-KB922760-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=35EEF49C-E3D7-41EE-82F5-964A3959D453&displaylang=en
Microsoft Windows Server 2003 Standard x64 Edition
- Microsoft WindowsServer2003.WindowsXP-KB922760-x64-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=ABE4FE3E-BDB6-44B1-B203-528C67980B8F&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
- Microsoft IE5.01sp4-KB922760-Windows2000sp4-x86-ENU.exe
  http://www.microsoft.com/downloads/details.aspx?familyid=B743B081-20D4-4C1C-BC86-254D2F653953&displaylang=en
References
- Advisory ZDI-06-041 - Microsoft Internet Explorer CSS Float Property Memory Corr (Zero Day Initiative (ZDI))
- Microsoft Homepage (Microsoft)
- Microsoft Internet Explorer Homepage (Microsoft)
- Microsoft Security Bulletin MS06-067 (Microsoft)
- NORTEL RESPONSE TO MICROSOFT SECURITY BULLETIN MS06-067 (Nortel Networks)