OSVDB ID: 31323

Title: Microsoft IE DIV Tag and HTML CSS Float Properties Arbitrary Code Execution

Info

Disclosure

Nov 14, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 14, 2006

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to corrupt memory. The issue is triggered when a user visits a maliciously crafted web page that contains layout combinations involving DIV tags and HTML CSS float properties. It is possible that the flaw may allow an attacker to execute arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Private, Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	6
		5

References

Security Tracker: 1017223
CERT VU: 197852
CVE ID: 2006-4687 (see also: NVD)
Bugtraq ID: 21020
ISS X-Force ID: 29199
VUPEN Advisory: ADV-2006-4505
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0249.html
Vendor URL: http://www.microsoft.com
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-06-041.html
Microsoft Security Bulletin: ms06-067

Credit

Sam Thomas - -

Direct URL: http://osvdb.org/31323

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit