CVE-2006-1186

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/18957	Patch Vendor Advisory
http://securitytracker.com/id?1015900
http://www.kb.cert.org/vuls/id/959049	US Government Resource
http://www.securityfocus.com/bid/17453
http://www.us-cert.gov/cas/techalerts/TA06-101A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/1318
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
https://exchange.xforce.ibmcloud.com/vulnerabilities/25545
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791
http://secunia.com/advisories/18957	Patch Vendor Advisory
http://securitytracker.com/id?1015900
http://www.kb.cert.org/vuls/id/959049	US Government Resource
http://www.securityfocus.com/bid/17453
http://www.us-cert.gov/cas/techalerts/TA06-101A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/1318
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
https://exchange.xforce.ibmcloud.com/vulnerabilities/25545
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:ie:5.0.1::windows_2000:::::
	cpe:2.3:a:microsoft:ie:5.0.1::windows_95:::::
	cpe:2.3:a:microsoft:ie:5.0.1::windows_98:::::
	cpe:2.3:a:microsoft:ie:5.0.1::windows_nt_4.0:::::
	cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:preview::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::

History

21 Nov 2024, 00:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/18957 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/18957 - Patch, Vendor Advisory
References	~~() http://securitytracker.com/id?1015900 -~~	() http://securitytracker.com/id?1015900 -
References	~~() http://www.kb.cert.org/vuls/id/959049 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/959049 - US Government Resource
References	~~() http://www.securityfocus.com/bid/17453 -~~	() http://www.securityfocus.com/bid/17453 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA06-101A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA06-101A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2006/1318 -~~	() http://www.vupen.com/english/advisories/2006/1318 -
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25545 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791 -

Information

Published : 2006-04-11 23:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1186

Mitre link : CVE-2006-1186

CVE.ORG link : CVE-2006-1186

JSON object : View

Products Affected

microsoft

ie
internet_explorer

CWE

NVD-CWE-Other

{"id": "CVE-2006-1186", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-04-11T23:02:00.000", "references": [{"url": "http://secunia.com/advisories/18957", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1015900", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/959049", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/17453", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/1318", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/18957", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015900", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/959049", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17453", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/1318", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25545", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1446", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1589", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1651", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1704", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A791", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9AE3DB-EB7C-4B17-AF7A-CD8FC3C77070"}, {"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151FE30E-9320-495C-84AD-60893FAED223"}, {"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5805FB74-2AD6-4919-BAAE-D995CA2650A7"}, {"criteria": "cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D328337-A2FE-4E2E-8A8D-C170DC0A88E6"}, {"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346"}, {"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BFFB565-F656-43E3-89E1-E412DC4C9D41"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD3A3282-8842-4708-AF7B-0AFBEB5D4F9A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4336F0E-75FE-4592-9D98-4F689804956E"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3F2A51E-2675-4993-B9C2-F2D176A92857"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E93C22E-812E-4CDA-9850-2386CE1E817A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CD04E07-3664-4D4F-BF3E-6B33AF0F2D12"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

10.0 /10