Vulnerability Note VU#984473
Microsoft Internet Explorer contains overflow in processing script action handlers
A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system.
A programming error in the way that Internet Explorer handles multiple event handlers in an HTML element results in an array out-of-bounds memory access. This error results in a vulnerability that could allow an attacker to execute code on a vulnerable system. An attacker could exploit this vulnerability by constructing a malicious web page and tricking or persuading a user to visit the malicious site.
A remote attacker can cause a vulnerable version of the browser to crash. In some cases, it may also be possible for the attacker to execute code of their choosing on an affected system. The attacker-supplied code would be executed with the permissions of the user running the vulnerable version of the browser.
Apply a patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Unknown||16 Mar 2006||11 Apr 2006|
CVSS Metrics (Learn More)
Michal Zalewski publicly reported this vulnerability.
This document was written by Chad R Dougherty.
- CVE IDs: CVE-2006-1245
- Date Public: 16 Mar 2006
- Date First Published: 11 Apr 2006
- Date Last Updated: 11 Apr 2006
- Severity Metric: 23.01
- Document Revision: 20
If you have feedback, comments, or additional information about this vulnerability, please send us email.