Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3450

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3450
Last Modified 13 Apr 2011 12:00:00
Published 08 Aug 2006 07:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3450

Summary

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

Vulnerable Systems

Application

  • Microsoft Ie 6.0


References

CERT - TA06-220A

CERT-VN - VU#119180

BID - 19312

MS - MS06-042

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-027.html

VUPEN - ADV-2006-3212

BUGTRAQ - 20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability

OSVDB - 27855

SECTRACK - 1016663

SECUNIA - 21396


Last Updated: 27 May 2016 10:43:01