CVE-2006-1190

Microsoft Internet Explorer <6 - RCE

Title source: llm

Description

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

Exploits (1)

exploitdb WORKING POC

htmldoswindows

https://www.exploit-db.com/exploits/1838

View Code ZIP pw:eip

References (11)

[US Government Resource] http://www.kb.cert.org/vuls/id/959649

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25552

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17455

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1015900

[Third Party Advisory] http://secunia.com/advisories/18957

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/1318

Scores

EPSS 0.7838

EPSS Percentile 99.0%

Details

Status published

Products (4)

microsoft/internet_explorer 5.01

microsoft/internet_explorer 5.1

microsoft/internet_explorer 5.5

microsoft/internet_explorer 6.0

Published Apr 11, 2006

Tracked Since Feb 18, 2026