7.5

CVE-2006-3450

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftIe Version6.0 Updatesp1
MicrosoftInternet Explorer Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 41.11% 0.985
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.vupen.com/english/advisories/2006/3212
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
Patch
Third Party Advisory
US Government Resource
http://secunia.com/advisories/21396
Vendor Advisory
http://securitytracker.com/id?1016663
http://www.kb.cert.org/vuls/id/119180
Patch
US Government Resource
http://www.osvdb.org/27855
http://www.securityfocus.com/archive/1/442579/100/0/threaded
http://www.securityfocus.com/bid/19312
Patch
http://www.zerodayinitiative.com/advisories/ZDI-06-027.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433