7.5
CVE-2006-3451
- EPSS 41.22%
- Veröffentlicht 08.08.2006 23:04:00
- Zuletzt bearbeitet 16.06.2026 22:27:05
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 41.22% | 0.985 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.vupen.com/english/advisories/2006/3212
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://secunia.com/advisories/21396
http://securitytracker.com/id?1016663
http://securityreason.com/securityalert/1343
http://www.kb.cert.org/vuls/id/262004
http://www.osvdb.org/27854
http://www.securityfocus.com/archive/1/442578/100/0/threaded
http://www.securityfocus.com/bid/19316
http://www.zerodayinitiative.com/advisories/ZDI-06-026.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5