{"vuid":"VU#891204","idnumber":"891204","name":"Microsoft Windows fails to properly parse the MHTML protocol","keywords":["Microsoft","Windows","remote code execution","parsing","MHTML protocol","ms06-aug"],"overview":"Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"MHTML According to Microsoft Security Bulletin MS06-043: MHTML extends HTML to embed encoded objects, such as images, in the HTML document. Although it is actually the HTML rendering extension that renders MHTML, this functionality may also be referred to as the MHTML rendering extension. The Problem Microsoft Windows fails to properly handle MHTML. This vulnerability can be triggered by viewing a specially crafted MHTML document. For more information refer to Microsoft Security Bulletin MS06-043.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.","resolution":"Apply an update \nThis vulnerability is addressed in Microsoft Security Bulletin MS06-043.","workarounds":"Workarounds to mitigate this vulnerability until a patch can be applied are available in Microsoft Security Bulletin MS06-043.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin \nMS06-043","author":"This document was written by Jeff Gennari.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","6","-","0","4","3",".","m","s","p","x"],"cveids":["CVE-2006-2766"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-08-08T18:13:46Z","publicdate":"2006-08-08T00:00:00Z","datefirstpublished":"2006-08-08T20:28:54Z","dateupdated":"2006-08-08T20:29:31Z","revision":11,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"15","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"12","cam_attackeraccessrequired":"7","cam_scorecurrent":"14.175","cam_scorecurrentwidelyknown":"16.5375","cam_scorecurrentwidelyknownexploited":"25.9875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":14.175,"vulnote":null}