Microsoft Internet Explorer错误IOleClientSite数据区绕过漏洞（MS06-013）

Microsoft Internet Explorer是微软发布的非常流行的WEB浏览器。 在动态的创建嵌入对象时，Internet Explorer返回IOleClientSite信息的方式存在漏洞，恶意网站可能利用此漏洞执行恶意代码或信息收集。 攻击者可以创建有动态创建对象的恶意Web页面，这个对象必须使用返回的IOleClientSite信息做出安全相关的决定。如果用户访问了恶意的站点的话就可能允许远程代码执行或信息泄露。 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft...

CVE-2006-1190

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code...

CVE-2006-1190

CVE-2006-1190 concerns Microsoft Internet Explorer 5.01–6, where IOleClientSite information may be returned incorrectly when dynamically creating an embedded object. This could cause the object to run in the wrong security context/zone, enabling remote code execution or information disclosure. Th...

Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a zone-bypass vulnerability because the browser returns erroneous IOleClientSite when dynamically creating an embedded object. This could cause malicious script code to be executed in a security zone with fewer restrictions than the zone that th...

Microsoft Internet Explorer fails to properly handle embedded objects

Overview Microsoft Internet Explorer IE does not properly handle embedded dynamic objects. This vulnerability may allow a remote attacker to execute arbitrary code. Description IOleClientSite interface According to Microsoft Security Bulletin MS06-013, The IOleClientSite interface is the primary...