Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1189Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
54.0%
top 1.98%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedApr 11
Latest updateMay 1

Description

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-hrcv-wxw8-4pf7: Buffer overflow in URLMON2022-05-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)2006-05-27
CVE-2006-1189 — Microsoft vulnerability | cvebase