5.1
CVE-2006-3281
- EPSS 48.22%
- Veröffentlicht 28.06.2006 22:05:00
- Zuletzt bearbeitet 16.06.2026 22:26:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version6.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 48.22% | 0.987 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.1 | 4.9 | 6.4 |
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html
http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
http://secunia.com/advisories/20825
http://securitytracker.com/id?1016388
http://www.vupen.com/english/advisories/2006/2553
http://www.kb.cert.org/vuls/id/655100
http://www.securityfocus.com/bid/19389
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-045
https://exchange.xforce.ibmcloud.com/vulnerabilities/27456
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A318