CVE-2006-5581
Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
Vulnerabilidad sin especificar en el Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar código de su elección a través de determinadas funciones DHTML , como la "normalize", y "elementos creados incorrectamente" que disparan una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de memoria mediante una función DHTML".
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific vulnerability exists due to improper handling of the normalize() function. When called in certain circumstances user controllable memory can be used to execute arbitrary code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-10-27 CVE Reserved
- 2006-12-12 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-01 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1017373 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/347448 | Third Party Advisory |
|
| http://www.osvdb.org/30814 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/454210/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/21546 | Vdb Entry | |
| http://www.symantec.com/security_response/writeup.jsp?docid=2006-121212-1201-99 | X_refsource_misc | |
| http://www.us-cert.gov/cas/techalerts/TA06-346A.html | Third Party Advisory | |
| http://www.zerodayinitiative.com/advisories/ZDI-06-048.html | X_refsource_misc |
|
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A116 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/23288 | 2021-07-23 | |
| http://www.securityfocus.com/archive/1/454969/100/200/threaded | 2021-07-23 | |
| http://www.vupen.com/english/advisories/2006/4966 | 2021-07-23 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-072 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | <= 6 Search vendor "Microsoft" for product "Internet Explorer" and version " <= 6" | - |
Affected
| ||||||