CVE-2006-1190

2006-04-1123:02:00

[email protected]

web.nvd.nist.gov

cve-2006-1190

microsoft internet explorer

ioleclientsite

security context

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.1 High

AI Score

Confidence

High

0.795 High

EPSS

Percentile

98.3%

JSON

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch5.01

microsoftinternet_explorerMatch5.1

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch6.0

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq5.01
microsoft:internet_explorermicrosoft internet explorereq5.1
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq6.0

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	5.01
microsoft:internet_explorer	microsoft internet explorer	eq	5.1
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	6.0