Vulnerability Note VU#347448
Microsoft Internet Explorer fails to properly handle malformed DHTML script function calls
A vulnerability in the way Microsoft Internet Explorer handles malformed DHTML script function calls may allow a remote, unauthenticated attacker to execute arbitrary code.
According to Microsoft Security Bulletin MS06-072:
When Internet Explorer interprets certain DHTML script function calls to incorrectly created elements it may corrupt system memory in such a way that an attacker could execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the compromised user. The attacker could also cause Internet Explorer to crash.
Apply an update from Microsoft
Do not follow unsolicited links
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||12 Dec 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin MS06-072. Microsoft credits Sam Thomas, working with TippingPoint and the Zero Day Initiative, for providing information about this issue.
This document was written by Jeff Gennari based on information from Microsoft.
- CVE IDs: CVE-2006-5581
- Date Public: 12 Dec 2006
- Date First Published: 12 Dec 2006
- Date Last Updated: 12 Dec 2006
- Severity Metric: 14.63
- Document Revision: 8
If you have feedback, comments, or additional information about this vulnerability, please send us email.