{"vuid":"VU#503124","idnumber":"503124","name":"Microsoft Internet Explorer fails to handle specially crafted, invalid HTML","keywords":["Microsoft","Internet Explorer","IE","remote code execution","HTML","ms06-apr"],"overview":"Microsoft Internet Explorer (IE) fails to properly handle malformed HTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"IE fails to properly handle specially crafted HTML. When a specially crafted, malformed HTML file is opened in IE, system memory can be corrupted in a way that may allow an attacker to execute arbitrary code. More information is available in Microsoft Security Bulletin MS06-013.","impact":"If a remote attacker can persuade a user to access a specially crafted web page with IE, that attacker may be able to execute arbitrary code with the privileges of the compromised user.","resolution":"Apply an Update\nThis issue is addressed in Microsoft Security Bulletin MS06-013.","workarounds":"Refer to Microsoft Security Bulletin MS06-013 for workarounds for this vulnerability.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft  Security Bulletin \nMS06-013\n. Microsoft credits \nJan P. Monsch of \nCompass Security Network Computing AG with providing information regarding this vulnerability.","author":"This document was written by Jeff Gennari.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","B","u","l","l","e","t","i","n","/","M","S","0","6","-","0","1","3",".","m","s","p","x"],"cveids":["CVE-2006-1185"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-04-11T18:22:03Z","publicdate":"2006-04-11T00:00:00Z","datefirstpublished":"2006-04-11T19:08:11Z","dateupdated":"2006-04-11T19:08:20Z","revision":6,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"20","cam_impact":"18","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"29.7","cam_scorecurrentwidelyknown":"36.45","cam_scorecurrentwidelyknownexploited":"63.45","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":29.7,"vulnote":null}