CVE-2006-3227 (CNNVD-200606-499)

LOW
中文标题:
Internet Explorer 浏览器解释冲突 访问控制绕过漏洞
英文标题:
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and...
CVSS分数: 2.6
发布时间: 2006-06-26 16:00:00
漏洞类型: 其他
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Internet Explorer与Mozilla, Opera和Firefox等其他web浏览器之间存在解释冲突。远程攻击者借助可由 Internet Explorer剥离以表现可读文字而在使用其他浏览器时无法进行的,包含第8位组的ASCII字符,来修改网页的视觉表现,并可能绕过内容过滤器等保护机制。

英文描述:

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.

CWE类型:
(暂无数据)
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
microsoft internet_explorer 6.0.2900 - - cpe:2.3:a:microsoft:internet_explorer:6.0.2900:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
20060621 Re: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
ie-ascii-encoded-web-filter-bypass(27288) vdb-entry
cve.org
访问
20060623 Re: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
20060626 Re: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
20060622 Re: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
20060621 Bypassing of web filters by using ASCII mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
20060621 Re: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
无标题 x_refsource_MISC
cve.org
访问
20060623 RE: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
20060626 RE: Bypassing of web filters by using ASCII mailing-list
cve.org
访问
28376 vdb-entry
cve.org
访问
CVSS评分详情
2.6
LOW
CVSS向量: AV:N/AC:H/Au:N/C:N/I:P/A:N
CVSS版本: 2.0
机密性
NONE
完整性
PARTIAL
可用性
NONE
时间信息
发布时间:
2006-06-26 16:00:00
修改时间:
2024-08-07 18:23:20
创建时间:
2025-11-11 15:32:35
更新时间:
2025-11-11 15:49:08
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2006-3227 2025-11-11 15:17:43 2025-11-11 07:32:35
NVD nvd_CVE-2006-3227 2025-11-11 14:51:49 2025-11-11 07:41:20
CNNVD cnnvd_CNNVD-200606-499 2025-11-11 15:08:52 2025-11-11 07:49:08
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:49:08
vulnerability_type: 未提取 → 其他; cnnvd_id: 未提取 → CNNVD-200606-499; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 其他
  • cnnvd_id: 未提取 -> CNNVD-200606-499
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:41:20
severity: SeverityLevel.MEDIUM → SeverityLevel.LOW; cvss_score: 未提取 → 2.6; cvss_vector: NOT_EXTRACTED → AV:N/AC:H/Au:N/C:N/I:P/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 1; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • severity: SeverityLevel.MEDIUM -> SeverityLevel.LOW
  • cvss_score: 未提取 -> 2.6
  • cvss_vector: NOT_EXTRACTED -> AV:N/AC:H/Au:N/C:N/I:P/A:N
  • cvss_version: NOT_EXTRACTED -> 2.0
  • affected_products_count: 0 -> 1
  • data_sources: ['cve'] -> ['cve', 'nvd']