CVE-2006-4686

Name of the Vulnerable Software and Affected Versions Microsoft XML Parser version 2.6 Microsoft XML Core Services versions 3.0 through 6.0

Description A buffer overflow issue exists in the Extensible Stylesheet Language Transformations (XSLT) processing, allowing remote attackers to execute arbitrary code via a crafted Web page. This could potentially allow an attacker to take complete control of an affected system if a user visits the malicious page.

Recommendations For Microsoft XML Parser version 2.6, update to a version that fixes the XSLT processing issue. For Microsoft XML Core Services versions 3.0 through 6.0, update to a version that fixes the XSLT processing issue. As a temporary workaround, consider restricting access to XSLT processing until a patch is available.