CVE-2006-2385

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1 and earlier

Description The issue allows remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. A remote code execution vulnerability exists in the way Internet Explorer saves multipart HTML (.mht) files. An attacker could exploit the vulnerability by constructing a specially crafted Web page and convincing a user to save this Web page as a multipart HTML file, potentially allowing remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, however significant user interaction is required.

Recommendations For Microsoft Internet Explorer versions 5.01 SP4 and 6 SP1 and earlier, consider disabling the ability to save web pages as multipart HTML (.mht) files until a patch is available. As a temporary workaround, restrict access to saving web pages as .mht files to minimize the risk of exploitation.