Intrusion Prevention

MS.IE.DHTML.Script.Function.Memory.Corruption

Description

A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Affected Products

Internet Explorer 6

Impact

Arbitrary code execution

Recommended Actions

Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx

CVE References

CVE-2006-5581