CVE-2006-4687

⚪ Do wiadomości

Wykorzystanie błędu w renderowaniu HTML w Internet Explorerze umożliwia zdalne wykonanie kodu.

CVSS

5.1

EPSS

61.9%

Exploit

none

Vendor

microsoft

Opis źródłowy (NVD)

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

brak Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	5.1
CISA KEV (aktywnie wykorzystywane)	Nie
FIRST EPSS (prawdopodobieństwo exploita)	61.9%
Opublikowano (NVD)	2006-11-14 21:07:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-23 00:35:47 UTC

Referencje

http://securitytracker.com/id?1017223 (secure@microsoft.com)
http://www.kb.cert.org/vuls/id/197852 (secure@microsoft.com) [US Government Resource]
http://www.osvdb.org/31323 (secure@microsoft.com)
http://www.securityfocus.com/archive/1/451590/100/100/threaded (secure@microsoft.com)
http://www.securityfocus.com/bid/21020 (secure@microsoft.com)
http://www.us-cert.gov/cas/techalerts/TA06-318A.html (secure@microsoft.com) [US Government Resource]
http://www.vupen.com/english/advisories/2006/4505 (secure@microsoft.com) [Vendor Advisory]
http://www.zerodayinitiative.com/advisories/ZDI-06-041.html (secure@microsoft.com) [Vendor Advisory]
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 (secure@microsoft.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/29199 (secure@microsoft.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456 (secure@microsoft.com)