Vulnerability Name: | CVE-2006-1189 (CCN-25551) | ||||||||||||||||
Assigned: | 2006-04-11 | ||||||||||||||||
Published: | 2006-04-11 | ||||||||||||||||
Updated: | 2021-07-23 | ||||||||||||||||
Summary: | Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." | ||||||||||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
Vulnerability Type: | CWE-119 | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: BUGTRAQ Type: UNKNOWN 20060411 Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability Source: CCN Type: BugTraq Mailing List, Tue Apr 11 2006 - 20:46:17 CDT Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability Source: MITRE Type: CNA CVE-2006-1189 Source: CCN Type: SA18957 Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 18957 Source: CCN Type: SECTRACK ID: 1015900 Microsoft Internet Explorer Parsing and State Errors Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1015900 Source: CCN Type: ASA-2006-079 Windows Security Updates for April 2006 - (MS06-013 - MS06-017) Source: CCN Type: US-CERT VU#341028 Microsoft Internet Explorer fails to properly handle double-byte characters in specially crafted URLs Source: CERT-VN Type: US Government Resource VU#341028 Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: BID Type: UNKNOWN 17454 Source: CCN Type: BID-17454 Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability Source: CCN Type: US-CERT Technical Cyber Security Alert TA06-101A Microsoft Windows and Internet Explorer Vulnerabilities Source: CERT Type: US Government Resource TA06-101A Source: VUPEN Type: Vendor Advisory ADV-2006-1318 Source: CCN Type: Internet Security Systems Protection Alert - April 11, 2006 Cumulative Security Update for Internet Explorer Source: MS Type: UNKNOWN MS06-013 Source: XF Type: UNKNOWN ie-double-byte-execute-code(25551) Source: XF Type: UNKNOWN ie-double-byte-execute-code(25551) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1020 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1484 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:792 | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |