ID CVE-2006-5581
Summary Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.308:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.40.520:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1155:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1158:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1215:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.70.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.544:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1008.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.71.1712.6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.2106.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3110.8:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:4.72.3612.1713:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0518.10:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.0910.1309:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2014.0216:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2314.1003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2516.1900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2614.3500:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.3800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2919.6307:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.2920.0000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3103.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3105.0106:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3314.2101:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3315.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3502.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.00.3700.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:preview:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.3825.1300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.3825.1300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4030.2400:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4030.2400:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4134.0100:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4134.0100:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4134.0600:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4134.0600:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4308.2900:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4308.2900:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4522.1800:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4522.1800:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.50.4807.2300:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.50.4807.2300:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 17-10-2018 - 21:43)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-08-03T04:00:13.712-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Matthew Wojcik
    organization The MITRE Corporation
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows Server 2003 (x86) Gold is installed
    oval oval:org.mitre.oval:def:165
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
description Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:116
status accepted
submitted 2006-12-13T08:17:04
title DHTML Script Function Memory Corruption Vulnerability
version 72
refmap via4
bid 21546
bugtraq 20061212 ZDI-06-048: Microsoft Internet Explorer normalize() Function Memory Corruption Vulnerability
cert TA06-346A
cert-vn VU#347448
hp
  • HPSBST02180
  • SSRT061288
misc
ms MS06-072
osvdb 30814
sectrack 1017373
secunia 23288
vupen ADV-2006-4966
Last major update 17-10-2018 - 21:43
Published 12-12-2006 - 20:28
Back to Top