Vulnerability Description
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 5.01 |
References
- http://secunia.com/advisories/18957
- http://securitytracker.com/id?1015900
- http://www.kb.cert.org/vuls/id/959649US Government Resource
- http://www.securityfocus.com/bid/17455
- http://www.vupen.com/english/advisories/2006/1318
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25552
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/18957
- http://securitytracker.com/id?1015900
- http://www.kb.cert.org/vuls/id/959649US Government Resource
- http://www.securityfocus.com/bid/17455
FAQ
What is CVE-2006-1190?
CVE-2006-1190 is a vulnerability with a CVSS score of 10.0 (HIGH). Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the ob...
How severe is CVE-2006-1190?
CVE-2006-1190 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1190?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.