ID CVE-2006-4686
Summary Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2008-12-08T04:00:47.023-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
definition_extensions
  • comment Microsoft XML Core Services 3 is installed
    oval oval:org.mitre.oval:def:415
  • comment Microsoft XML Core Services 4 is installed
    oval oval:org.mitre.oval:def:1002
  • comment Microsoft XML Core Services 5 is installed
    oval oval:org.mitre.oval:def:493
  • comment Microsoft XML Core Services 6 is installed
    oval oval:org.mitre.oval:def:454
description Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
family windows
id oval:org.mitre.oval:def:285
status accepted
submitted 2006-10-11T05:29:41
title XSLT Buffer Overrun Vulnerability
version 65
refmap via4
bid 20338
cert-vn VU#562788
hp
  • HPSBST02161
  • SSRT061264
ms MS06-061
osvdb 29426
sectrack 1017033
secunia 22333
vupen ADV-2006-3980
vulnerable_product via4
  • cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
Last major update 17-10-2018 - 21:39
Published 10-10-2006 - 22:07
Back to Top