Vulnerabilities > CVE-2006-1191 - Unspecified vulnerability in Microsoft Internet Explorer
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 4 |
Exploit-Db
| description | MS Internet Explorer (HTML Tag) Memory Corruption (MS06-013). CVE-2006-1185,CVE-2006-1186,CVE-2006-1188,CVE-2006-1189,CVE-2006-1190,CVE-2006-1191,CVE-2006-11... |
| id | EDB-ID:1838 |
| last seen | 2016-01-31 |
| modified | 2006-05-27 |
| published | 2006-05-27 |
| reporter | Thomas Waldegger |
| source | https://www.exploit-db.com/download/1838/ |
| title | Microsoft Internet Explorer HTML Tag Memory Corruption MS06-013 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS06-013.NASL |
| description | The remote host is missing IE Cumulative Security Update 912812. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21210 |
| published | 2006-04-11 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21210 |
| title | MS06-013: Cumulative Security Update for Internet Explorer (912812) |
Oval
accepted 2011-05-16T04:00:40.668-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. family windows id oval:org.mitre.oval:def:1251 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE6 Cross-Domain Information Disclosure Vulnerability (WinXP) version 69 accepted 2011-05-16T04:01:38.707-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. family windows id oval:org.mitre.oval:def:1710 status accepted submitted 2006-04-12T12:55:00.000-04:00 title IE6 Cross-Domain Information Disclosure Vulnerability (Server 2003,SP1) version 68
References
- http://secunia.com/advisories/18957
- http://www.securityfocus.com/bid/17457
- http://securitytracker.com/id?1015892
- http://www.vupen.com/english/advisories/2006/1318
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25555
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1710
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1251
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013