CVE-2006-1016

Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.

Published: Mar 7, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1016
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	6.0	6.0.x

http://metasploit.com/projects/Framework/exploits.html#ie_iscomponentinstalled
http://www.metasploit.com/projects/Framework/modules/exploits/ie_iscomponentinstalled.pm
http://www.securityfocus.com/bid/16870
https://exchange.xforce.ibmcloud.com/vulnerabilities/24923

Vulnerability Database

289,697

CVE-2006-1016