Vulnerability Details : CVE-2006-3227

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
Publish Date : 2006-06-26 Last Update Date : 2017-07-19

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	2.6
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	High (Specialized access conditions exist. It is hard to exploit and several special conditions must be satisfied to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Bypass a restriction or similar
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2006-3227

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Microsoft	IE	6.0.2900				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Microsoft	IE	1

- References For CVE-2006-3227

https://exchange.xforce.ibmcloud.com/vulnerabilities/27288
XF ie-ascii-encoded-web-filter-bypass(27288)

http://www.securityfocus.com/archive/1/archive/1/438359/100/0/threaded
BUGTRAQ 20060626 RE: Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/archive/1/438154/100/0/threaded
BUGTRAQ 20060623 RE: Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/archive/1/438163/100/0/threaded
BUGTRAQ 20060623 Re: Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/archive/1/438066/100/0/threaded
BUGTRAQ 20060622 Re: Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/archive/1/438049/100/0/threaded
BUGTRAQ 20060621 Re: Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/archive/1/437948/100/0/threaded
BUGTRAQ 20060621 Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/438051/100/0/threaded
BUGTRAQ 20060621 Re: Bypassing of web filters by using ASCII

http://www.securityfocus.com/archive/1/archive/1/438358/100/0/threaded
BUGTRAQ 20060626 Re: Bypassing of web filters by using ASCII

http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2

http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/

- Metasploit Modules Related To CVE-2006-3227

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)