Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3637Out-of-bounds Write in Microsoft IE

4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
77.3%
top 1.02%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedAug 8
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

Patches

Patch: www.kb.cert.orgPatch: www.us-cert.govPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-7q4c-q75j-7mvc: Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2006-3637: Microsoft Internet Explorer 52006-08-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - Frameset Memory Corruption2006-06-05
CVE-2006-3637 — Out-of-bounds Write in Microsoft IE | cvebase