MicrosoftCVELIST:CVE-2006-1190CVE-2006-1190
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
References
secunia.com/advisories/18957
securitytracker.com/id?1015900
www.kb.cert.org/vuls/id/959649
www.securityfocus.com/bid/17455
www.vupen.com/english/advisories/2006/1318
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
exchange.xforce.ibmcloud.com/vulnerabilities/25552
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965
Related
