{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:433", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"}, {"name": "1016663", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016663"}, {"name": "MS06-042", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"}, {"name": "27855", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27855"}, {"name": "VU#119180", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/119180"}, {"name": "21396", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21396"}, {"name": "ADV-2006-3212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3212"}, {"name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"}, {"name": "19312", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19312"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"}, {"name": "TA06-220A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3450", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:433", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"}, {"name": "1016663", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016663"}, {"name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"}, {"name": "27855", "refsource": "OSVDB", "url": "http://www.osvdb.org/27855"}, {"name": "VU#119180", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/119180"}, {"name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396"}, {"name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212"}, {"name": "20060808 ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"}, {"name": "19312", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19312"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"}, {"name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3450", "datePublished": "2006-08-08T23:00:00", "dateReserved": "2006-07-07T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file."}, {"lang": "es", "value": "Microsoft Internet Explorer 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n usando la funci\u00f3n Javascript document.getElementByID para acceder a elementos de Hojas de Estilo en Cascada (CSS) manipulados, y posiblemente otros vectores no especificados relacionados con determinadas combinaciones de posicionamiento en el dise\u00f1o de un archivo HTML."}], "id": "CVE-2006-3450", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-08T23:04:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21396"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1016663"}, {"source": "secure@microsoft.com", "tags": ["Patch", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/119180"}, {"source": "secure@microsoft.com", "url": "http://www.osvdb.org/27855"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/442579/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/19312"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3212"}, {"source": "secure@microsoft.com", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-027.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A433"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}