Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1190

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2006-1190
Last Modified 07 Mar 2011 09:32:20
Published 11 Apr 2006 07:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1190

Summary

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

CERT-VN - VU#959649

VUPEN - ADV-2006-1318

MS - MS06-013

XF - ie-ioleclientsite-execute-code(25552)

BID - 17455

SECTRACK - 1015900

SECUNIA - 18957


Last Updated: 27 May 2016 10:41:58