Unrated severityNVD Advisory· Published Oct 10, 2006· Updated Apr 23, 2026

CVE-2006-4686

Description

Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.

Affected products

Microsoft/Xml Core Services3 versions
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
Microsoft/Xml Parser
cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/562788nvdUS Government Resource
secunia.com/advisories/22333nvd
securitytracker.com/idnvd
www.osvdb.org/29426nvd
www.securityfocus.com/archive/1/449179/100/0/threadednvd
www.securityfocus.com/bid/20338nvd
www.vupen.com/english/advisories/2006/3980nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A285nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.026
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000