Lucene search

K
zdiSam ThomasZDI-06-027
HistoryAug 08, 2006 - 12:00 a.m.

Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability

2006-08-0800:00:00
Sam Thomas
www.zerodayinitiative.com
21

EPSS

0.697

Percentile

98.0%

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementByID causes a memory corruption eventually leading to code execution.

EPSS

0.697

Percentile

98.0%