CVE-2006-1189 - OpenCVE

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Explorer

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html
http://secunia.com/advisories/18957	Vendor Advisory
http://securitytracker.com/id?1015900
http://www.kb.cert.org/vuls/id/341028	US Government Resource
http://www.securityfocus.com/bid/17454
http://www.us-cert.gov/cas/techalerts/TA06-101A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/1318	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013
https://exchange.xforce.ibmcloud.com/vulnerabilities/25551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1484
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A792

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2006-04-11T23:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2006-03-13T00:00:00

Link: CVE-2006-1189

JSON object: View

NVD Information

Status : Modified

Published: 2006-04-11T23:02:00.000

Modified: 2021-07-23T12:55:03.667

Link: CVE-2006-1189

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the \"Double Byte Character Parsing Memory Corruption Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "oval:org.mitre.oval:def:792", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A792"}, {"name": "18957", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18957"}, {"name": "oval:org.mitre.oval:def:1020", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1020"}, {"name": "1015900", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015900"}, {"name": "20060411 Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html"}, {"name": "ie-double-byte-execute-code(25551)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25551"}, {"name": "TA06-101A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"}, {"name": "17454", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17454"}, {"name": "MS06-013", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"}, {"name": "VU#341028", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/341028"}, {"name": "oval:org.mitre.oval:def:1484", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1484"}, {"name": "ADV-2006-1318", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1318"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-1189", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the \"Double Byte Character Parsing Memory Corruption Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "oval:org.mitre.oval:def:792", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A792"}, {"name": "18957", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18957"}, {"name": "oval:org.mitre.oval:def:1020", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1020"}, {"name": "1015900", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015900"}, {"name": "20060411 Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html"}, {"name": "ie-double-byte-execute-code(25551)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25551"}, {"name": "TA06-101A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"}, {"name": "17454", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17454"}, {"name": "MS06-013", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"}, {"name": "VU#341028", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/341028"}, {"name": "oval:org.mitre.oval:def:1484", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1484"}, {"name": "ADV-2006-1318", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1318"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-1189", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2006-03-13T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1CFF390-FF33-45CA-BC96-C6766491C616", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the \"Double Byte Character Parsing Memory Corruption Vulnerability.\""}], "evaluatorSolution": "Customers should apply the update immediately.", "id": "CVE-2006-1189", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-11T23:02:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/18957"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015900"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/341028"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/17454"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/1318"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25551"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1020"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1484"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A792"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}