Overview
Microsoft Internet Explorer (IE) fails to properly handle malformed HTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
IE fails to properly handle specially crafted HTML. When a specially crafted, malformed HTML file is opened in IE, system memory can be corrupted in a way that may allow an attacker to execute arbitrary code. More information is available in Microsoft Security Bulletin MS06-013. |
Impact
If a remote attacker can persuade a user to access a specially crafted web page with IE, that attacker may be able to execute arbitrary code with the privileges of the compromised user. |
Solution
Apply an Update |
Refer to Microsoft Security Bulletin MS06-013 for workarounds for this vulnerability. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was reported in Microsoft Security Bulletin MS06-013. Microsoft credits Jan P. Monsch of Compass Security Network Computing AG with providing information regarding this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | CVE-2006-1185 |
| Severity Metric: | 29.70 |
| Date Public: | 2006-04-11 |
| Date First Published: | 2006-04-11 |
| Date Last Updated: | 2006-04-11 19:08 UTC |
| Document Revision: | 6 |