Vulnerability Description
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 6.0 |
References
- http://secunia.com/advisories/20384Vendor Advisory
- http://securitytracker.com/id?1016654
- http://www.kb.cert.org/vuls/id/891204US Government Resource
- http://www.osvdb.org/25949
- http://www.securityfocus.com/archive/1/435492/100/0/threaded
- http://www.securityfocus.com/archive/1/435609/100/0/threaded
- http://www.securityfocus.com/archive/1/435616/100/0/threaded
- http://www.securityfocus.com/bid/18198Exploit
- http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2006/2088
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26810
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/20384Vendor Advisory
- http://securitytracker.com/id?1016654
FAQ
What is CVE-2006-2766?
CVE-2006-2766 is a vulnerability with a CVSS score of 2.6 (LOW). Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to ...
How severe is CVE-2006-2766?
CVE-2006-2766 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2766?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.