CVE-2006-1016 - Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 20

CVE-2006-1016

Summary

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16870
misc	http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm
xf	ie-iscomponentinstalled-bo(24923)

saint via4

bid	16870
description	Internet Explorer isComponentInstalled buffer overflow
id	win_patch_ie_icibo
osvdb	31647
title	ie_iscomponentinstalled
type	client

Last major update

23-07-2021 - 12:55

Published

07-03-2006 - 00:02

Last modified

23-07-2021 - 12:55