CVE-2006-3450 — Improper Input Validation in Microsoft IE

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

63.8%

top 1.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedAug 8

Latest updateMay 1

Description

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer6.0

▶NVDmicrosoft/ie6.0

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-xcxm-q93f-87v7: Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document↗2022-05-01

▶

CVEList

CVE-2006-3450: Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document↗2006-08-08

▶