返回 CVE 瀏覽器

CVE-2006-1190

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1340%

EPSS Percentile44.05th

Published2006年4月11日

Last Modified2026年4月16日

Vulnerability Description

Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

Affected Platforms (CPE)

📦

Microsoft

Internet Explorer

= 5.01

📦

Microsoft

Internet Explorer

= 5.1

📦

Microsoft

Internet Explorer

= 5.5

📦

Microsoft

Internet Explorer

= 6.0

References & Advisories

🔗 http://secunia.com/advisories/18957

🔗 http://securitytracker.com/id?1015900

🔗 http://www.kb.cert.org/vuls/id/959649

🔗 http://www.securityfocus.com/bid/17455

🔗 http://www.vupen.com/english/advisories/2006/1318

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25552

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541

相關漏洞威脅

CVE-1999-046510.0

Remote attackers can crash Lynx and Internet Explorer using an IMG tag with a large width parameter.

CVE-1999-034710.0

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javasc...

CVE-1999-096710.0

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource p...

CVE-1999-124110.0

Internet Explorer, with a security setting below Medium, allows remote attackers to execute arbitrary commands via a malicious web...