CVE-2006-3643

Name of the Vulnerable Software and Affected Versions Internet Explorer versions 5.01 through 6 Microsoft Windows 2000 SP4

Description The issue allows remote authenticated users to execute arbitrary commands due to a cross-site scripting (XSS) vulnerability. This vulnerability could permit access to local HTML-embedded resource files in the Microsoft Management Console (MMC) library. A remote code execution vulnerability in the Windows Management Console could allow an attacker to take complete control of the affected system.

Recommendations For Internet Explorer versions 5.01 through 6, update to a version that is not affected by this issue. For Microsoft Windows 2000 SP4, consider restricting access to the Microsoft Management Console (MMC) library until a patch is available. As a temporary workaround, consider disabling the execution of arbitrary commands in the MMC library to minimize the risk of exploitation.