Vulnerability Name:

CVE-2006-1186 (CCN-25545)

Assigned:2006-04-11
Published:2006-04-11
Updated:2021-07-23
Summary:Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-1186

Source: CCN
Type: SA18957
Internet Explorer Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18957

Source: CCN
Type: SECTRACK ID: 1015900
Microsoft Internet Explorer Parsing and State Errors Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015900

Source: CCN
Type: ASA-2006-079
Windows Security Updates for April 2006 - (MS06-013 - MS06-017)

Source: CCN
Type: US-CERT VU#959049
Multiple COM objects cause memory corruption in Microsoft Internet Explorer

Source: CERT-VN
Type: US Government Resource
VU#959049

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: BID
Type: UNKNOWN
17453

Source: CCN
Type: BID-17453
Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-101A

Source: VUPEN
Type: UNKNOWN
ADV-2006-1318

Source: CCN
Type: Internet Security Systems Protection Alert - April 11, 2006
Cumulative Security Update for Internet Explorer

Source: MS
Type: UNKNOWN
MS06-013

Source: XF
Type: UNKNOWN
ie-com-activex-execute-code(25545)

Source: XF
Type: UNKNOWN
ie-com-activex-execute-code(25545)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1446

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1589

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1651

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1704

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:791

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1446
    V
    IE5 COM Object Instantiation Memory Corruption (Win2K)
    2014-02-24
    oval:org.mitre.oval:def:1589
    V
    IE6 COM Object Instantiation Memory Corruption (Win2K/XP,SP1)
    2014-02-24
    oval:org.mitre.oval:def:791
    V
    IE6 COM Object Instantiation Memory Corruption (WinXP)
    2011-05-16
    oval:org.mitre.oval:def:1704
    V
    IE6 COM Object Instantiation Memory Corruption (Server 2003,SP1)
    2011-05-16
    oval:org.mitre.oval:def:1651
    V
    IE6 COM Object Instantiation Memory Corruption (Server 2003)
    2011-05-16
    BACK
    microsoft internet explorer 5.0.1
    microsoft internet explorer 5.0.1 sp3
    microsoft internet explorer 5.0.1 sp4
    microsoft internet explorer 5.1
    microsoft ie 5.0.1
    microsoft ie 5.0.1
    microsoft internet explorer 5.01
    microsoft internet explorer 5.01 sp1
    microsoft internet explorer 5.5 sp1
    microsoft internet explorer 5.5 sp2
    microsoft ie 5.0.1
    microsoft ie 5.0.1
    microsoft internet explorer 5.01 sp4
    microsoft ie 6 windows_server_2003_sp1
    microsoft ie 5.01 windows_2000_sp4
    microsoft internet explorer 5.01 sp3
    microsoft internet explorer 5.0.1 sp2
    microsoft internet explorer 5.0.1 sp1
    microsoft internet explorer 5.5
    microsoft internet explorer 5.01 sp2
    microsoft internet explorer 5.5 preview
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 5.01 sp4
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium