CVE-2006-2766

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 6.0 through 6.0 SP2 Windows Explorer (affected versions not specified) Outlook Express version 6

Description The issue is related to a buffer overflow in INETCOMM.DLL and incorrect parsing of the MHTML protocol, which can lead to remote code execution. This can be exploited by an attacker constructing a specially crafted Web page or HTML e-mail. If a user visits a specially crafted Web site or clicks a link in a specially crafted e-mail message, it could potentially lead to remote code execution.

Recommendations For Microsoft Internet Explorer versions 6.0 through 6.0 SP2, consider disabling the handling of MHTML protocol until a patch is available. For Windows Explorer, restrict access to potentially malicious Web sites and e-mail messages to minimize the risk of exploitation. For Outlook Express version 6, avoid clicking on links in suspicious e-mail messages until the issue is resolved. As a temporary workaround, consider disabling the use of INETCOMM.DLL in affected programs until a patch is available.