CVE-2006-4686

CVE Database · CVE-2006-4686

CVE-2006-4686

· N/AModified

CVSS v3.1

N/A

EPSS

28.76%

Published

Oct 10, 2006

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

Affected Products (4)

microsoft · xml_core_servicesvulnerable

microsoft · xml_parservulnerable

References (18)

http://secunia.com/advisories/22333

http://securitytracker.com/id?1017033

http://www.kb.cert.org/vuls/id/562788

US Government Resource

http://www.osvdb.org/29426

http://www.securityfocus.com/archive/1/449179/100/0/threaded

http://www.securityfocus.com/bid/20338

http://www.vupen.com/english/advisories/2006/3980

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285

http://secunia.com/advisories/22333

http://securitytracker.com/id?1017033

KEV Catalog EPSS Scores Vendors All CVEs