HTTP: Multiple MSHTML Action Handlers
This signature detects HTTP traffic containing multiple Action Handlers inside an HTML tag. Malicious Web sites can utilize this vulnerability to crash client browsers. Internet Explorer 6 is vulnerable.
Extended Description
Microsoft Internet Explorer is susceptible to a remote buffer-overflow vulnerability in 'MSHTML.DLL'. The application fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer. Remote attackers may exploit this issue to crash affected web browsers. Remote code execution may also be possible, but this has not been confirmed. Internet Explorer 6 is vulnerable to this issue; other versions may also be affected.
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:MULTI-ACTION
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Action CVE-2006-1245 Handlers MSHTML Multiple bid:17131
Release Date
03/17/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5