Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1186Out-of-bounds Write in Microsoft IE

4 documents4 sources
Severity
10.0CRITICALNVD
EPSS
74.8%
top 1.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedApr 11
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/internet_explorer4 versions+3
NVDmicrosoft/ie5.0.1, 5.01, 6+2

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-vvhf-wm2c-wj67: Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2006-1186: Microsoft Internet Explorer 52006-04-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)2006-05-27
CVE-2006-1186 — Out-of-bounds Write in Microsoft IE | cvebase