CVE-2006-3450
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.697 Medium
EPSS
Percentile
98.0%
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
Affected configurations
References
secunia.com/advisories/21396
securitytracker.com/id?1016663
www.kb.cert.org/vuls/id/119180
www.osvdb.org/27855
www.securityfocus.com/archive/1/442579/100/0/threaded
www.securityfocus.com/bid/19312
www.us-cert.gov/cas/techalerts/TA06-220A.html
www.vupen.com/english/advisories/2006/3212
www.zerodayinitiative.com/advisories/ZDI-06-027.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.697 Medium
EPSS
Percentile
98.0%