cvelistv5 - CVE-2006-1190

CVE-2006-1190 (GCVE-0-2006-1190)

Vulnerability from cvelistv5 – Published: 2006-04-11 23:00 – Updated: 2024-08-07 17:03

Summary

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://secunia.com/advisories/18957	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://securitytracker.com/id?1015900	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/17455	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2006/1318	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/959649	third-party-advisoryx_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:03:28.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "18957",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18957"
          },
          {
            "name": "oval:org.mitre.oval:def:1735",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
          },
          {
            "name": "1015900",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015900"
          },
          {
            "name": "17455",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17455"
          },
          {
            "name": "oval:org.mitre.oval:def:1541",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
          },
          {
            "name": "MS06-013",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
          },
          {
            "name": "ie-ioleclientsite-execute-code(25552)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
          },
          {
            "name": "ADV-2006-1318",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1318"
          },
          {
            "name": "oval:org.mitre.oval:def:965",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
          },
          {
            "name": "VU#959649",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/959649"
          },
          {
            "name": "oval:org.mitre.oval:def:1783",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "18957",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18957"
        },
        {
          "name": "oval:org.mitre.oval:def:1735",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
        },
        {
          "name": "1015900",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015900"
        },
        {
          "name": "17455",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17455"
        },
        {
          "name": "oval:org.mitre.oval:def:1541",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
        },
        {
          "name": "MS06-013",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
        },
        {
          "name": "ie-ioleclientsite-execute-code(25552)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
        },
        {
          "name": "ADV-2006-1318",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1318"
        },
        {
          "name": "oval:org.mitre.oval:def:965",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
        },
        {
          "name": "VU#959649",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/959649"
        },
        {
          "name": "oval:org.mitre.oval:def:1783",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-1190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18957",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18957"
            },
            {
              "name": "oval:org.mitre.oval:def:1735",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
            },
            {
              "name": "1015900",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015900"
            },
            {
              "name": "17455",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17455"
            },
            {
              "name": "oval:org.mitre.oval:def:1541",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
            },
            {
              "name": "MS06-013",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
            },
            {
              "name": "ie-ioleclientsite-execute-code(25552)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
            },
            {
              "name": "ADV-2006-1318",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1318"
            },
            {
              "name": "oval:org.mitre.oval:def:965",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
            },
            {
              "name": "VU#959649",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/959649"
            },
            {
              "name": "oval:org.mitre.oval:def:1783",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-1190",
    "datePublished": "2006-04-11T23:00:00",
    "dateReserved": "2006-03-13T00:00:00",
    "dateUpdated": "2024-08-07T17:03:28.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6219D36E-9E2C-4DC7-8FD5-FAD144A333F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B1CFF390-FF33-45CA-BC96-C6766491C616\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40F8042F-C621-45AE-9F8C-70469579643A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.\"}]",
      "id": "CVE-2006-1190",
      "lastModified": "2024-11-21T00:08:16.003",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-04-11T23:02:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/18957\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://securitytracker.com/id?1015900\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/959649\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/17455\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1318\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25552\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/18957\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1015900\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/959649\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/17455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1318\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25552\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-1190\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-04-11T23:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6219D36E-9E2C-4DC7-8FD5-FAD144A333F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CFF390-FF33-45CA-BC96-C6766491C616\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40F8042F-C621-45AE-9F8C-70469579643A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19F6133-25D1-44A5-B6B9-354703436783\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/18957\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://securitytracker.com/id?1015900\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/959649\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/17455\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1318\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25552\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/18957\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1015900\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/959649\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/17455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25552\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-C23P-XXJH-MJ75

Vulnerability from github – Published: 2022-05-01 06:46 – Updated: 2022-05-01 06:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-1190"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-11T23:02:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.",
  "id": "GHSA-c23p-xxjh-mj75",
  "modified": "2022-05-01T06:46:47Z",
  "published": "2022-05-01T06:46:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-1190"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18957"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015900"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/959649"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17455"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-150

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Internet Explorer laissent la possibilité à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités existent dans certaines versions du navigateur Microsoft Internet Explorer. Les plus importantes sont détaillées ci-dessous :

l'appel de certains objets HTML (DHTML Method Call) peut provoquer un débordement de mémoire. Un utilisateur malveillant peut profiter de cette vulnérabilité au moyen d'une page web spécialement conçue pour exécuter du code arbitraire à distance.
la manipulation de plusieurs évènements dans un élément HTML n'est pas correctement gérée par Internet Explorer. De la même façon, un utilisateur malveillant peut utiliser ses vulnérabilités dans une page web dédiée, et ainsi exécuter du code arbitraire sur toute machine vulnérable visitant cette page.
une application HTML (connue sous le nom de HTA) construite d'une certaine manière peut contourner le contrôle de sécurité opéré par Internet Explorer.
l'analyse syntaxique du code HTML par Internet Explorer (HTML Parsing) présente plusieurs vulnérabilités permettant l'exécution de code arbitraire à distance au moyen d'une page web contenant des balises HTML non conformes.
certaines adresses réticulaires (URLs) contenant des caractères particuliers à deux octets peuvent être utilisées pour exécuter du code arbitraire à distance. Cette vulnérabilité ne devrait pas concerner les versions françaises ou anglaises de Microsoft Internet Explorer.
un utilisateur malveillant peut usurper l'adresse affichée dans le navigateur. Il peut ainsi provoquer l'affichage dans la barre d'adressage d'une adresse qui ne correspond pas au site visité. Cette technique est par exemple utilisable dans des cas de filoutage.

Solution

Appliquer le correctif tel qu'indiqué dans le bulletin de sécurité Microsoft MS06-013 (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Explorer 5.0 Service Pack 4 ;
Microsoft	Windows	Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 6 pour Microsoft Windows XP Service Pack 2.
Microsoft	N/A	Microsoft Internet Explorer 6 Service Pack 1 ;
Microsoft	Windows	Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 Service Pack 1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-013 du 11 avril 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 5.0 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 pour Microsoft Windows XP Service Pack 2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s existent dans certaines versions du navigateur\nMicrosoft Internet Explorer. Les plus importantes sont d\u00e9taill\u00e9es\nci-dessous :\n\n-   l\u0027appel de certains objets HTML (DHTML Method Call) peut provoquer\n    un d\u00e9bordement de m\u00e9moire. Un utilisateur malveillant peut profiter\n    de cette vuln\u00e9rabilit\u00e9 au moyen d\u0027une page web sp\u00e9cialement con\u00e7ue\n    pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n-   la manipulation de plusieurs \u00e9v\u00e8nements dans un \u00e9l\u00e9ment HTML n\u0027est\n    pas correctement g\u00e9r\u00e9e par Internet Explorer. De la m\u00eame fa\u00e7on, un\n    utilisateur malveillant peut utiliser ses vuln\u00e9rabilit\u00e9s dans une\n    page web d\u00e9di\u00e9e, et ainsi ex\u00e9cuter du code arbitraire sur toute\n    machine vuln\u00e9rable visitant cette page.\n-   une application HTML (connue sous le nom de HTA) construite d\u0027une\n    certaine mani\u00e8re peut contourner le contr\u00f4le de s\u00e9curit\u00e9 op\u00e9r\u00e9 par\n    Internet Explorer.\n-   l\u0027analyse syntaxique du code HTML par Internet Explorer (HTML\n    Parsing) pr\u00e9sente plusieurs vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance au moyen d\u0027une page web contenant des\n    balises HTML non conformes.\n-   certaines adresses r\u00e9ticulaires (URLs) contenant des caract\u00e8res\n    particuliers \u00e0 deux octets peuvent \u00eatre utilis\u00e9es pour ex\u00e9cuter du\n    code arbitraire \u00e0 distance. Cette vuln\u00e9rabilit\u00e9 ne devrait pas\n    concerner les versions fran\u00e7aises ou anglaises de Microsoft Internet\n    Explorer.\n-   un utilisateur malveillant peut usurper l\u0027adresse affich\u00e9e dans le\n    navigateur. Il peut ainsi provoquer l\u0027affichage dans la barre\n    d\u0027adressage d\u0027une adresse qui ne correspond pas au site visit\u00e9.\n    Cette technique est par exemple utilisable dans des cas de\n    filoutage.\n\n## Solution\n\nAppliquer le correctif tel qu\u0027indiqu\u00e9 dans le bulletin de s\u00e9curit\u00e9\nMicrosoft MS06-013 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1359"
    },
    {
      "name": "CVE-2006-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1191"
    },
    {
      "name": "CVE-2006-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1388"
    },
    {
      "name": "CVE-2006-1245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1245"
    },
    {
      "name": "CVE-2006-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1192"
    },
    {
      "name": "CVE-2006-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1190"
    },
    {
      "name": "CVE-2006-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1185"
    },
    {
      "name": "CVE-2006-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1186"
    },
    {
      "name": "CVE-2006-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1188"
    },
    {
      "name": "CVE-2006-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1189"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-150",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer laissent la\npossibilit\u00e9 \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-013 du 11 avril 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx"
    }
  ]
}

CERTA-2006-AVI-150

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Microsoft Internet Explorer laissent la possibilité à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Plusieurs vulnérabilités existent dans certaines versions du navigateur Microsoft Internet Explorer. Les plus importantes sont détaillées ci-dessous :

l'appel de certains objets HTML (DHTML Method Call) peut provoquer un débordement de mémoire. Un utilisateur malveillant peut profiter de cette vulnérabilité au moyen d'une page web spécialement conçue pour exécuter du code arbitraire à distance.
la manipulation de plusieurs évènements dans un élément HTML n'est pas correctement gérée par Internet Explorer. De la même façon, un utilisateur malveillant peut utiliser ses vulnérabilités dans une page web dédiée, et ainsi exécuter du code arbitraire sur toute machine vulnérable visitant cette page.
une application HTML (connue sous le nom de HTA) construite d'une certaine manière peut contourner le contrôle de sécurité opéré par Internet Explorer.
l'analyse syntaxique du code HTML par Internet Explorer (HTML Parsing) présente plusieurs vulnérabilités permettant l'exécution de code arbitraire à distance au moyen d'une page web contenant des balises HTML non conformes.
certaines adresses réticulaires (URLs) contenant des caractères particuliers à deux octets peuvent être utilisées pour exécuter du code arbitraire à distance. Cette vulnérabilité ne devrait pas concerner les versions françaises ou anglaises de Microsoft Internet Explorer.
un utilisateur malveillant peut usurper l'adresse affichée dans le navigateur. Il peut ainsi provoquer l'affichage dans la barre d'adressage d'une adresse qui ne correspond pas au site visité. Cette technique est par exemple utilisable dans des cas de filoutage.

Solution

Appliquer le correctif tel qu'indiqué dans le bulletin de sécurité Microsoft MS06-013 (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Internet Explorer 5.0 Service Pack 4 ;
Microsoft	Windows	Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 6 pour Microsoft Windows XP Service Pack 2.
Microsoft	N/A	Microsoft Internet Explorer 6 Service Pack 1 ;
Microsoft	Windows	Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 Service Pack 1 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-013 du 11 avril 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 5.0 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 pour Microsoft Windows XP Service Pack 2.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 pour Microsoft Windows Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s existent dans certaines versions du navigateur\nMicrosoft Internet Explorer. Les plus importantes sont d\u00e9taill\u00e9es\nci-dessous :\n\n-   l\u0027appel de certains objets HTML (DHTML Method Call) peut provoquer\n    un d\u00e9bordement de m\u00e9moire. Un utilisateur malveillant peut profiter\n    de cette vuln\u00e9rabilit\u00e9 au moyen d\u0027une page web sp\u00e9cialement con\u00e7ue\n    pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n-   la manipulation de plusieurs \u00e9v\u00e8nements dans un \u00e9l\u00e9ment HTML n\u0027est\n    pas correctement g\u00e9r\u00e9e par Internet Explorer. De la m\u00eame fa\u00e7on, un\n    utilisateur malveillant peut utiliser ses vuln\u00e9rabilit\u00e9s dans une\n    page web d\u00e9di\u00e9e, et ainsi ex\u00e9cuter du code arbitraire sur toute\n    machine vuln\u00e9rable visitant cette page.\n-   une application HTML (connue sous le nom de HTA) construite d\u0027une\n    certaine mani\u00e8re peut contourner le contr\u00f4le de s\u00e9curit\u00e9 op\u00e9r\u00e9 par\n    Internet Explorer.\n-   l\u0027analyse syntaxique du code HTML par Internet Explorer (HTML\n    Parsing) pr\u00e9sente plusieurs vuln\u00e9rabilit\u00e9s permettant l\u0027ex\u00e9cution de\n    code arbitraire \u00e0 distance au moyen d\u0027une page web contenant des\n    balises HTML non conformes.\n-   certaines adresses r\u00e9ticulaires (URLs) contenant des caract\u00e8res\n    particuliers \u00e0 deux octets peuvent \u00eatre utilis\u00e9es pour ex\u00e9cuter du\n    code arbitraire \u00e0 distance. Cette vuln\u00e9rabilit\u00e9 ne devrait pas\n    concerner les versions fran\u00e7aises ou anglaises de Microsoft Internet\n    Explorer.\n-   un utilisateur malveillant peut usurper l\u0027adresse affich\u00e9e dans le\n    navigateur. Il peut ainsi provoquer l\u0027affichage dans la barre\n    d\u0027adressage d\u0027une adresse qui ne correspond pas au site visit\u00e9.\n    Cette technique est par exemple utilisable dans des cas de\n    filoutage.\n\n## Solution\n\nAppliquer le correctif tel qu\u0027indiqu\u00e9 dans le bulletin de s\u00e9curit\u00e9\nMicrosoft MS06-013 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1359"
    },
    {
      "name": "CVE-2006-1191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1191"
    },
    {
      "name": "CVE-2006-1388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1388"
    },
    {
      "name": "CVE-2006-1245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1245"
    },
    {
      "name": "CVE-2006-1192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1192"
    },
    {
      "name": "CVE-2006-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1190"
    },
    {
      "name": "CVE-2006-1185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1185"
    },
    {
      "name": "CVE-2006-1186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1186"
    },
    {
      "name": "CVE-2006-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1188"
    },
    {
      "name": "CVE-2006-1189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1189"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-150",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer laissent la\npossibilit\u00e9 \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-013 du 11 avril 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx"
    }
  ]
}

FKIE_CVE-2006-1190

Vulnerability from fkie_nvd - Published: 2006-04-11 23:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/18957
secure@microsoft.com	http://securitytracker.com/id?1015900
secure@microsoft.com	http://www.kb.cert.org/vuls/id/959649	US Government Resource
secure@microsoft.com	http://www.securityfocus.com/bid/17455
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/1318
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/25552
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18957
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015900
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/959649	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17455
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1318
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25552
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	5.01
microsoft	internet_explorer	5.1
microsoft	internet_explorer	5.5
microsoft	internet_explorer	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code."
    }
  ],
  "id": "CVE-2006-1190",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-11T23:02:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/18957"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1015900"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/959649"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/17455"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/1318"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18957"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015900"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/959649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-1190

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-1190

Aliases

CVE-2006-1190

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-1190",
    "description": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.",
    "id": "GSD-2006-1190"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-1190"
      ],
      "details": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.",
      "id": "GSD-2006-1190",
      "modified": "2023-12-13T01:19:54.642578Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-1190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "18957",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18957"
          },
          {
            "name": "oval:org.mitre.oval:def:1735",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
          },
          {
            "name": "1015900",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015900"
          },
          {
            "name": "17455",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17455"
          },
          {
            "name": "oval:org.mitre.oval:def:1541",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
          },
          {
            "name": "MS06-013",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
          },
          {
            "name": "ie-ioleclientsite-execute-code(25552)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
          },
          {
            "name": "ADV-2006-1318",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1318"
          },
          {
            "name": "oval:org.mitre.oval:def:965",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
          },
          {
            "name": "VU#959649",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/959649"
          },
          {
            "name": "oval:org.mitre.oval:def:1783",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-1190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#959649",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/959649"
            },
            {
              "name": "17455",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17455"
            },
            {
              "name": "18957",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18957"
            },
            {
              "name": "1015900",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015900"
            },
            {
              "name": "ADV-2006-1318",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1318"
            },
            {
              "name": "ie-ioleclientsite-execute-code(25552)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25552"
            },
            {
              "name": "oval:org.mitre.oval:def:965",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965"
            },
            {
              "name": "oval:org.mitre.oval:def:1783",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783"
            },
            {
              "name": "oval:org.mitre.oval:def:1735",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735"
            },
            {
              "name": "oval:org.mitre.oval:def:1541",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541"
            },
            {
              "name": "MS06-013",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-07-23T12:55Z",
      "publishedDate": "2006-04-11T23:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-1190 (GCVE-0-2006-1190)

GHSA-C23P-XXJH-MJ75

CERTA-2006-AVI-150

Description

Solution

CERTA-2006-AVI-150

Description

Solution

FKIE_CVE-2006-1190

GSD-2006-1190

Tags

Sightings

Nomenclature