Vulnerability Note VU#136849
Microsoft Internet Explorer UTF-8 decoding vulnerability
Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Unicode character set contains more than 96,000 characters. Because of this, Unicode can be used to represent a wide range of languages.
By convincing a user to view a specially crafted HTML document (e.g., a web page, an HTML email message, or an email attachment), an attacker could execute arbitrary code with the privileges of the user. The attacker could also cause IE (or the program using the MSHTML component) to crash.
Apply an update
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||13 Jun 2006|
CVSS Metrics (Learn More)
Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, thanks Tippingpoint for reporting this issue.
This document was written by Will Dormann.
- CVE IDs: CVE-2006-2382
- Date Public: 13 Jun 2006
- Date First Published: 13 Jun 2006
- Date Last Updated: 13 Jun 2006
- Severity Metric: 17.21
- Document Revision: 2
If you have feedback, comments, or additional information about this vulnerability, please send us email.