Vulnerability Details : CVE-2006-1016
Public exploit exists!
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
Vulnerability category: OverflowExecute code
Products affected by CVE-2006-1016
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-1016
88.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2006-1016
-
Microsoft Internet Explorer isComponentInstalled Overflow
Disclosure Date: 2006-02-24First seen: 2020-04-26exploit/windows/browser/ie_iscomponentinstalledThis module exploits a stack buffer overflow in Internet Explorer. This bug was patched in Windows 2000 SP4 and Windows XP SP1 according to MSRC. Authors: - hdm <x@hdm.io>
CVSS scores for CVE-2006-1016
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-1016
-
http://www.securityfocus.com/bid/16870
Microsoft Internet Explorer IsComponentInstalled Buffer Overflow Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/24923
-
http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm
Exploit
-
http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled
Jump to