Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
secunia.com/advisories/21396
securitytracker.com/id?1016663
www.kb.cert.org/vuls/id/119180
www.osvdb.org/27855
www.securityfocus.com/archive/1/442579/100/0/threaded
www.securityfocus.com/bid/19312
www.us-cert.gov/cas/techalerts/TA06-220A.html
www.vupen.com/english/advisories/2006/3212
www.zerodayinitiative.com/advisories/ZDI-06-027.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433