Lucene search

K
zdiSam ThomasZDI-06-026
HistoryAug 08, 2006 - 12:00 a.m.

Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability

2006-08-0800:00:00
Sam Thomas
www.zerodayinitiative.com
19

0.72 High

EPSS

Percentile

98.1%

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists due to improper garbage collection when multiple “imports” are used on a “styleSheets” collection. Crafting a long chain of CSS imports in an HTML document results in a memory corruption eventually leading to code execution.

0.72 High

EPSS

Percentile

98.1%