CVE-2006-1190

critical

Description

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541

https://exchange.xforce.ibmcloud.com/vulnerabilities/25552

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

http://www.vupen.com/english/advisories/2006/1318

http://www.securityfocus.com/bid/17455

http://www.kb.cert.org/vuls/id/959649

http://securitytracker.com/id?1015900

http://secunia.com/advisories/18957

Details

Source: Mitre, NVD

Published: 2006-04-11

Updated: 2021-07-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical