Related Weaknesses
CWE-ID |
Weakness Name |
Source |
CWE-399 |
Category : Resource Management Errors Weaknesses in this category are related to improper management of system resources. |
|
Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
2.6 |
|
AV:N/AC:H/Au:N/C:N/I:N/A:P |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 27727
Publication date : 2006-04-21 22h00 +00:00
Author : Michal Zalewski
EDB Verified : Yes
source: https://www.securityfocus.com/bid/17658/info
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This issue is due to a flaw in the application in handling nested OBJECT tags in HTML content.
An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user, but this has not been confirmed. Exploit attempts likely result in crashing the affected application. Attackers could exploit this issue through HTML email/newsgroup postings or through other applications that employ the affected component.
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly vulnerable to this issue; other versions may also be affected.
perl -e '{print "<STYLE></STYLE>\n<OBJECT>\nBork\n"x32}' >test.html
Products Mentioned
Configuraton 0
Microsoft>>Internet_explorer >> Version 6.0.2900
References