CVE-2006-4687

Microsoft Internet Explorer <6 - RCE

Title source: llm
STIX 2.1

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

References (11)

Core 11
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A456
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/31323
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/197852
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017223
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4505
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451590/100/100/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29199
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21020

Scores

EPSS 0.2480
EPSS Percentile 97.7%

Details

CWE
CWE-119
Status published
Products (3)
microsoft/ie 6 windows_server_2003_sp1
microsoft/internet_explorer 5.1
microsoft/internet_explorer 5.5 (4 CPE variants)
Published Nov 14, 2006
Tracked Since Feb 18, 2026