CVE-2006-3450

Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.

Published: Aug 9, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3450
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / ie	6.0-sp1	6.0-sp1.x
microsoft / internet_explorer	6.0	6.0.x

http://secunia.com/advisories/21396
http://securitytracker.com/id?1016663
http://www.kb.cert.org/vuls/id/119180
http://www.osvdb.org/27855
http://www.securityfocus.com/archive/1/442579/100/0/threaded
http://www.securityfocus.com/bid/19312
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://www.vupen.com/english/advisories/2006/3212
http://www.zerodayinitiative.com/advisories/ZDI-06-027.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433

Vulnerability Database

290,476

CVE-2006-3450