CVE-2006-4686

3 documents3 sources

Severity

7.5HIGH

EPSS

28.4%

top 3.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft XML Core Services Microsoft XML Parser

Timeline

PublishedOct 10

Latest updateMay 1

Description

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/xml_core_services3.0, 4.0, 6.0+2

▶NVDmicrosoft/xml_parser2.6

🔴Vulnerability Details

GHSA

GHSA-hmr7-6hpx-fg3j: Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2↗2022-05-01

▶

CVEList

CVE-2006-4686: Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2↗2006-10-10

▶