CVE-2006-4687

high

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456

https://exchange.xforce.ibmcloud.com/vulnerabilities/29199

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067

http://www.zerodayinitiative.com/advisories/ZDI-06-041.html

http://www.vupen.com/english/advisories/2006/4505

http://www.us-cert.gov/cas/techalerts/TA06-318A.html

http://www.securityfocus.com/bid/21020

http://www.securityfocus.com/archive/1/451590/100/100/threaded

http://www.osvdb.org/31323

http://www.kb.cert.org/vuls/id/197852

http://securitytracker.com/id?1017223

Details

Source: Mitre, NVD

Published: 2006-11-14

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High