CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
High
EPSS
Percentile
98.8%
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | internet_explorer | 5.01 | cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:* |
microsoft | internet_explorer | 5.1 | cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:* |
microsoft | internet_explorer | 5.5 | cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* |
microsoft | internet_explorer | 6.0 | cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
secunia.com/advisories/18957
securitytracker.com/id?1015900
www.kb.cert.org/vuls/id/959649
www.securityfocus.com/bid/17455
www.vupen.com/english/advisories/2006/1318
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
exchange.xforce.ibmcloud.com/vulnerabilities/25552
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1735
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1783
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A965
More