CVE-2006-1245

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 6.0.2900.2180 Microsoft Internet Explorer (affected versions not specified)

Description A remote code execution issue exists in the way Internet Explorer handles multiple event handlers in an HTML element. This could allow an attacker to execute arbitrary code via an HTML tag with a large number of script action handlers, such as onload and onmouseover. An attacker could exploit this by constructing a malicious Web page, potentially allowing remote code execution if a user visits the site. A successful exploitation could give the attacker complete control of the affected system.

Recommendations For Microsoft Internet Explorer version 6.0.2900.2180, consider disabling the handling of multiple event handlers in HTML elements as a temporary workaround until a patch is available. For other affected versions of Microsoft Internet Explorer, at the moment, there is no information about a newer version that contains a fix for this issue.