CVE-2006-4687 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

61.9%

top 1.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedNov 14

Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.1, 5.5+1

▶NVDmicrosoft/ie6

🔴Vulnerability Details

GHSA

GHSA-93mc-vq66-v7mx: Microsoft Internet Explorer 5↗2022-05-01

▶

CVEList

CVE-2006-4687: Microsoft Internet Explorer 5↗2006-11-14

▶