ID	13678
Created	Dec 12, 2006
Updated	Mar 30, 2020
Severity
Coverage	IPS (Regular DB) IPS (Extended DB)
Default Action	drop
Active
Affected OS	Windows
Affected App	IE

Legend

Enabled/Available
Disabled/Not Avaliable

Update History

Date	Version	Detail
2019-10-04	14.700	*Sig Added

Refine Search

Intrusion Prevention

MS.IE.DHTML.Script.Function.Memory.Corruption

Description

A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Affected Products

Internet Explorer 6

Impact

Arbitrary code execution

Recommended Actions

Microsoft has issued an update to correct this vulnerability. More details can be found at: http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx

CVE References

CVE-2006-5581

Other References

http://www.zerodayinitiative.com/advisories/ZDI-06-048.html

At a glance: