Overview
A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system.
Description
A programming error in the way that Internet Explorer handles multiple event handlers in an HTML element results in an array out-of-bounds memory access. This error results in a vulnerability that could allow an attacker to execute code on a vulnerable system. An attacker could exploit this vulnerability by constructing a malicious web page and tricking or persuading a user to visit the malicious site. |
Impact
A remote attacker can cause a vulnerable version of the browser to crash. In some cases, it may also be possible for the attacker to execute code of their choosing on an affected system. The attacker-supplied code would be executed with the permissions of the user running the vulnerable version of the browser. |
Solution
Apply a patch |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Michal Zalewski publicly reported this vulnerability.
This document was written by Chad R Dougherty.
Other Information
| CVE IDs: | CVE-2006-1245 |
| Severity Metric: | 23.01 |
| Date Public: | 2006-03-16 |
| Date First Published: | 2006-04-11 |
| Date Last Updated: | 2006-04-11 20:00 UTC |
| Document Revision: | 22 |