CVE-2006-1185 - OpenCVE

Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Explorer Ie
Canon	Network Camera Server Vb101

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4::::::
	cpe:2.3:a:microsoft:ie:6::windows_xp_professional_64bit:::::
	cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:::::*
	cpe:2.3:a:microsoft:ie:6:windows_2000_sp4::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1::::::
	cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems::::::
	cpe:2.3:a:microsoft:ie:6:windows_xp_sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:h:canon:network_camera_server_vb101::::::::

References

Link	Resource
http://secunia.com/advisories/18957
http://securitytracker.com/id?1015900
http://www.kb.cert.org/vuls/id/503124	US Government Resource
http://www.securityfocus.com/bid/17450
http://www.us-cert.gov/cas/techalerts/TA06-101A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/1318
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
https://exchange.xforce.ibmcloud.com/vulnerabilities/25542
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2006-04-11T23:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2006-03-13T00:00:00

Link: CVE-2006-1185

JSON object: View

NVD Information

Status : Modified

Published: 2006-04-11T23:02:00.000

Modified: 2021-07-23T12:17:15.613

Link: CVE-2006-1185

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "18957", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18957"}, {"name": "1015900", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015900"}, {"name": "oval:org.mitre.oval:def:1677", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"}, {"name": "oval:org.mitre.oval:def:787", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"}, {"name": "TA06-101A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"}, {"name": "oval:org.mitre.oval:def:1711", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"}, {"name": "17450", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17450"}, {"name": "ie-html-execute-code(25542)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"}, {"name": "VU#503124", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/503124"}, {"name": "MS06-013", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"}, {"name": "ADV-2006-1318", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1318"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1185", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957"}, {"name": "1015900", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015900"}, {"name": "oval:org.mitre.oval:def:1677", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"}, {"name": "oval:org.mitre.oval:def:787", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"}, {"name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"}, {"name": "oval:org.mitre.oval:def:1711", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"}, {"name": "17450", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17450"}, {"name": "ie-html-execute-code(25542)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"}, {"name": "VU#503124", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/503124"}, {"name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"}, {"name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1185", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-03-13T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*", "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*", "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*", "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*", "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*", "matchCriteriaId": "3665D68D-8E1E-4FA9-97B9-9E099DDE84F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*", "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*", "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE", "vulnerable": true}, {"criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption."}], "id": "CVE-2006-1185", "lastModified": "2021-07-23T12:17:15.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-11T23:02:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18957"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015900"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/503124"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/17450"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1318"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25542"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1677"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1711"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A787"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}