CVE-2006-3451Improper Input Validation in Microsoft IE

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
64.2%
top 1.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft IE
Timeline
PublishedAug 8
Latest updateMay 1

Description

Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/ie5.0, 6+1

Patches

Patch: www.kb.cert.orgPatch: www.us-cert.govPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-jmmq-q8f4-p952: Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a ch2022-05-01
CVEList
CVE-2006-3451: Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a ch2006-08-08
CVE-2006-3451 — Improper Input Validation in Microsoft | cvebase