CVE-2006-3227
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
Conflictos de interpretación entre Internet Explorer y otros buscadores web como Mozilla, Opera, y Firefox pued e permitir a atacantes remotos modificar la presentación de las páginas web y probablemente superar los mecanismos de protección como los filtros e contenido a través de caracteres ASCII con el octavo bit configurado, lo que puede ser desecho por Internet Explorer para traducir texto legible, pero no cuando es usado en otros buscaodres. NOTA: ha habido discursión significativa sobre este tema, como 20060625, no está claro donde se encuentra la responsabilidad de este problema, aunque podría ser debido a la vaguedad dentro de los estándares asociados. NOTA: esto sólo puede ser objeto de explotación con ciertas codificaciones.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-06-26 CVE Reserved
- 2006-06-26 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters | X_refsource_misc | |
| http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2 | X_refsource_misc | |
| http://www.osvdb.org/28376 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/437948/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438049/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438051/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438066/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438154/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438163/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438358/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/438359/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27288 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6.0.2900 Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900" | - |
Affected
| ||||||