Vulnerabilities > CVE-2006-1186 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
microsoft
critical
nessus
exploit available

Summary

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

Exploit-Db

descriptionMS Internet Explorer (HTML Tag) Memory Corruption (MS06-013). CVE-2006-1185,CVE-2006-1186,CVE-2006-1188,CVE-2006-1189,CVE-2006-1190,CVE-2006-1191,CVE-2006-11...
idEDB-ID:1838
last seen2016-01-31
modified2006-05-27
published2006-05-27
reporterThomas Waldegger
sourcehttps://www.exploit-db.com/download/1838/
titleMicrosoft Internet Explorer HTML Tag Memory Corruption MS06-013

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS06-013.NASL
descriptionThe remote host is missing IE Cumulative Security Update 912812. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id21210
published2006-04-11
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/21210
titleMS06-013: Cumulative Security Update for Internet Explorer (912812)

Oval

  • accepted2014-02-24T04:00:17.202-05:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameAnna Min
      organizationBigFix, Inc
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1446
    statusaccepted
    submitted2006-04-12T12:55:00.000-04:00
    titleIE5 COM Object Instantiation Memory Corruption (Win2K)
    version71
  • accepted2014-02-24T04:00:20.491-05:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • namePreeti Subramanian
      organizationSecPod Technologies
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    descriptionMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1589
    statusaccepted
    submitted2006-04-12T12:55:00.000-04:00
    titleIE6 COM Object Instantiation Memory Corruption (Win2K/XP,SP1)
    version73
  • accepted2011-05-16T04:01:30.962-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1651
    statusaccepted
    submitted2006-04-12T12:55:00.000-04:00
    titleIE6 COM Object Instantiation Memory Corruption (Server 2003)
    version68
  • accepted2011-05-16T04:01:38.452-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1704
    statusaccepted
    submitted2006-04-12T12:55:00.000-04:00
    titleIE6 COM Object Instantiation Memory Corruption (Server 2003,SP1)
    version68
  • accepted2011-05-16T04:03:30.483-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameDragos Prisaca
      organizationGideon Technologies, Inc.
    • nameSudhir Gandhe
      organizationTelos
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionMicrosoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.
    familywindows
    idoval:org.mitre.oval:def:791
    statusaccepted
    submitted2006-04-12T12:55:00.000-04:00
    titleIE6 COM Object Instantiation Memory Corruption (WinXP)
    version69