CyberSec.Space Logo
Back to CVE Browser

CVE-2006-1190

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1340%
EPSS Percentile44.05th
PublishedApr 11, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Internet Explorer

= 5.01
πŸ“¦
Microsoft

Internet Explorer

= 5.1
πŸ“¦
Microsoft

Internet Explorer

= 5.5
πŸ“¦
Microsoft

Internet Explorer

= 6.0

References & Advisories

πŸ”— http://secunia.com/advisories/18957
πŸ”— http://securitytracker.com/id?1015900
πŸ”— http://www.kb.cert.org/vuls/id/959649
πŸ”— http://www.securityfocus.com/bid/17455
πŸ”— http://www.vupen.com/english/advisories/2006/1318
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/25552
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541

Related Vulnerabilities

CVE-1999-046510.0

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

CVE-1999-034710.0

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javasc...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-1999-124110.0

Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web...