[email protected]CVE-2006-3451

HistoryAug 08, 2006 - 11:04 p.m.

CVE-2006-3451

2006-08-0823:04:00

CWE-20

[email protected]

web.nvd.nist.gov

microsoft

internet explorer

css

code execution

vulnerability

remote attackers

nvd

cve-2006-3451

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.72 High

EPSS

Percentile

98.1%

JSON

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when “multiple imports are used on a styleSheets collection” to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

microsoftieMatch5.0sp4

microsoftieMatch6windows_server_2003_sp1

CPENameOperatorVersion
microsoft:iemicrosoft ieeq5.0
microsoft:iemicrosoft ieeq6

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	5.0
microsoft:ie	microsoft ie	eq	6

References

secunia.com/advisories/21396

securityreason.com/securityalert/1343

securitytracker.com/id?1016663

www.kb.cert.org/vuls/id/262004

www.osvdb.org/27854

www.securityfocus.com/archive/1/442578/100/0/threaded

www.securityfocus.com/bid/19316

www.us-cert.gov/cas/techalerts/TA06-220A.html

www.vupen.com/english/advisories/2006/3212

www.zerodayinitiative.com/advisories/ZDI-06-026.html

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.72 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2006-3451

zdi1 cvelist1 nvd1 cert1 securityvulns2 checkpoint_advisories1 nessus1