Detections
Analytics

CVE-2006-4686

high

Description

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061

http://www.vupen.com/english/advisories/2006/3980

http://www.securityfocus.com/bid/20338

http://www.securityfocus.com/archive/1/449179/100/0/threaded

http://www.osvdb.org/29426

http://www.kb.cert.org/vuls/id/562788

http://securitytracker.com/id?1017033

http://secunia.com/advisories/22333

Details

Source: Mitre, NVD

Published: 2006-10-10

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.28085