Info

Disclosure

Mar 13, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute HTA files (HTML Applications) in the context of targeted users. The issue is triggered when unspecified condition occurs. It is possible that the flaw may allow to execute code and potentially to compromise affected system resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: OSVDB Verified

Solution

Upgrade to version 7.0 Beta 2 Preview that was released on March 20, 2006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Microsoft Corporation	Internet Explorer	6.0
		6.0 SP1
		6.0 SP2
		7.0 Beta 2 Preview (March edition)

References

Security Tracker: 1015800
Bugtraq ID: 17181
Secunia Advisory ID: 18957 19378
CVE ID: 2006-1388 (see also: NVD)
SCIP VulDB ID: 2110
ISS X-Force ID: 25394
Microsoft Knowledge Base Article: 912812
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html
Other Advisory URL: http://jeffrey.vanderstad.net/grasshopper/
News Article: http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed
Vendor Specific Solution URL: http://www.microsoft.com/windows/ie/ie7/ie7betaredirect.mspx
Microsoft Security Bulletin: MS06-013
Keyword: The grasshopper vulnerability

Credit

Jeffrey van der Stad - jeffreyvanderstad.net - Personal Page

Direct URL: http://osvdb.org/24095

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit