Vulnerability Description
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6.0.2900 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0017.html
- http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0030.html
- http://www.osvdb.org/31328
- http://www.securityfocus.com/archive/1/447509/100/0/threaded
- http://www.securityfocus.com/archive/1/447516/100/0/threaded
- http://www.securityfocus.com/archive/1/447574/100/0/threaded
FAQ
What is CVE-2006-5152?
CVE-2006-5152 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 erro...
How severe is CVE-2006-5152?
CVE-2006-5152 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-5152?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.