Vulnerability Details : CVE-2006-3281
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
Vulnerability category: Directory traversalInput validationExecute code
Products affected by CVE-2006-3281
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3281
95.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-3281
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2006-3281
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-3281
-
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
Exploit
-
http://www.securityfocus.com/bid/19389
-
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045
-
http://www.vupen.com/english/advisories/2006/2553
Vendor Advisory
-
http://securitytracker.com/id?1016388
-
http://www.kb.cert.org/vuls/id/655100
US Government Resource
-
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
US Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27456
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318
Jump to