Vulnerabilities > CVE-2006-1016 - Unspecified vulnerability in Microsoft Internet Explorer 6.0

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
exploit available
metasploit

Summary

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Exploit-Db

  • descriptionMS Internet Explorer 6.0 SP0 IsComponentInstalled() Remote Exploit. CVE-2006-1016. Remote exploit for windows platform
    idEDB-ID:1536
    last seen2016-01-31
    modified2006-02-28
    published2006-02-28
    reporterH D Moore
    sourcehttps://www.exploit-db.com/download/1536/
    titleMicrosoft Internet Explorer 6.0 SP0 IsComponentInstalled Remote Exploit
  • descriptionInternet Explorer isComponentInstalled Overflow. CVE-2006-1016. Remote exploit for windows platform
    idEDB-ID:16549
    last seen2016-02-02
    modified2010-05-09
    published2010-05-09
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16549/
    titleMicrosoft Internet Explorer - isComponentInstalled Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC.
idMSF:EXPLOIT/WINDOWS/BROWSER/IE_ISCOMPONENTINSTALLED
last seen2019-12-26
modified2017-07-24
published2006-12-17
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1016
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/ie_iscomponentinstalled.rb
titleMicrosoft Internet Explorer isComponentInstalled Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83130/ie_iscomponentinstalled.rb.txt
idPACKETSTORM:83130
last seen2016-12-05
published2009-11-26
reporterH D Moore
sourcehttps://packetstormsecurity.com/files/83130/Internet-Explorer-isComponentInstalled-Overflow.html
titleInternet Explorer isComponentInstalled Overflow

Saint

bid16870
descriptionInternet Explorer isComponentInstalled buffer overflow
idwin_patch_ie_icibo
osvdb31647
titleie_iscomponentinstalled
typeclient