CVE-2006-4686

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

Published: Oct 11, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4686
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / xml_core_services	3.0	3.0.x
microsoft / xml_core_services	4.0	4.0.x
microsoft / xml_core_services	6.0	6.0.x
microsoft / xml_parser	2.6	2.6.x

http://secunia.com/advisories/22333
http://securitytracker.com/id?1017033
http://www.kb.cert.org/vuls/id/562788
http://www.osvdb.org/29426
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20338
http://www.vupen.com/english/advisories/2006/3980
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285

Vulnerability Database

289,689

CVE-2006-4686