CVE-2006-1016

Microsoft Internet Explorer - Buffer Overflow

Title source: rule

Description

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16549

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by hdm · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ie_iscomponentinstalled.rb

View Code ZIP pw:eip

References (4)

[Various Sources] http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled

[Exploit] http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/24923

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16870

Scores

EPSS 0.7652

EPSS Percentile 98.9%

Details

Status published

Products (1)

microsoft/internet_explorer 6.0

Published Mar 07, 2006

Tracked Since Feb 18, 2026