Vulnerability Details CVE-2006-1016
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.765
EPSS Ranking 98.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled
- http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm
- http://www.securityfocus.com/bid/16870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24923
- http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled
- http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm
- http://www.securityfocus.com/bid/16870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24923
Products affected by CVE-2006-1016
-
cpe:2.3:a:microsoft:internet_explorer:6.0