CVE-2006-6956 : Microsoft Internet Explorer allows remote attackers to cause a denial of service

Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.

Published 2007-01-29 16:28:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2006-6956

Microsoft » Internet Explorer
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-6956

EPSS FAQ

11.89%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 93 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-6956

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2006-6956

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-6956

https://exchange.xforce.ibmcloud.com/vulnerabilities/26898

Mozilla Firefox HTML marquee tag denial of service CVE-2006-6956 Vulnerability Report

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2006-06/0085.html

Exploit;Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2006-6956

Products affected by CVE-2006-6956

Exploit prediction scoring system (EPSS) score for CVE-2006-6956

CVSS scores for CVE-2006-6956

CWE ids for CVE-2006-6956

References for CVE-2006-6956