CVE-2006-3227
LOW | EPSS 96th pctl
Description
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
CVSS v2 Vector
No CVSS vector data available.
Exploit Intelligence
Very high risk: more likely to be exploited than 96% of all known CVEs.
References
- http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/
- http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2
- http://www.osvdb.org/28376
- http://www.securityfocus.com/archive/1/437948/100/0/threaded
- http://www.securityfocus.com/archive/1/438049/100/0/threaded
- http://www.securityfocus.com/archive/1/438051/100/0/threaded
- http://www.securityfocus.com/archive/1/438066/100/0/threaded
- http://www.securityfocus.com/archive/1/438154/100/0/threaded
- http://www.securityfocus.com/archive/1/438163/100/0/threaded
- http://www.securityfocus.com/archive/1/438358/100/0/threaded
- http://www.securityfocus.com/archive/1/438359/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27288
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-04-16.