Vulnerability Note VU#197852
Microsoft Internet Explorer fails to properly interpret HTML with certain layout combinations
A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code.
Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages. According to Microsoft Security Bulletin MS06-067:
When Internet Explorer handles specially crafted HTML with certain HTML layout combinations it may corrupt system memory in such a way that an attacker could execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the affected user or cause a denial-of-service condition.
Please see Microsoft Security Bulletin MS06-067 for details on these workarounds.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||14 Nov 2006|
CVSS Metrics (Learn More)
This vulnerability was reported in Microsoft Security Bulletin MS06-067. Microsoft credits Sam Thomas, working with TippingPoint and the Zero Day Initiative for reporting this issue.
This document was written by Chris Taschner.
- CVE IDs: CVE-2006-4687
- Date Public: 14 Nov 2006
- Date First Published: 15 Nov 2006
- Date Last Updated: 17 Nov 2006
- Severity Metric: 27.00
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.