A remote overflow exists in Microsoft IE. Internet Explorer fails to translate UTF-8 characters to Unicode resulting in an encoded HTML overflow. With a specially crafted request, an attacker can cause remote code execution resulting in a loss of integrity.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• CERT VU: 136849
• Bugtraq ID: 18309
• CVE ID: 2006-2382 (see also: NVD)
• Secunia Advisory ID: 20595
• SCIP VulDB ID: 2290
• Related OSVDB ID: 26442 26444 26445 26446
• Microsoft Knowledge Base Article: 916281
• VUPEN Advisory: ADV-2006-2319
• Keyword: aka "HTML Decoding Memory Corruption Vulnerability." ZDI-06-017
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0225.html
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-06-017.html
• Microsoft Security Bulletin: MS06-021

• Anonymous - Zero Day Initiative (ZDI)