CVSS: 10.0EPSS: 89%CPEs: 4EXPL: 1CVE-2006-1190 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1190
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/959649 http://www.securityfocus.com/bid/17455 http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/25552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1541 https://oval •
CVSS: 7.5EPSS: 94%CPEs: 23EXPL: 1CVE-2006-1188 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1188
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. • https://www.exploit-db.com/exploits/1838 http://secunia.com/advisories/18957 http://securitytracker.com/id?1015900 http://www.kb.cert.org/vuls/id/824324 http://www.securityfocus.com/archive/1/435096/30/4710/threaded http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen.com/english/advisories/2006/1318 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval& •
CVSS: 4.3EPSS: 91%CPEs: 2EXPL: 3CVE-2006-1626 – Microsoft Internet Explorer 5 - Address Bar Spoofing
https://notcve.org/view.php?id=CVE-2006-1626
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192. • https://www.exploit-db.com/exploits/27577 http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test http://secunia.com/advisories/19521 http://securitytracker.com/id?1016291 http://www.securityfocus.com/archive/1/429719/100/0/threaded http://www.securityfocus.com/archive/1/429891/100/0/threaded http://www.securityfocus.com/archive/1/440851/100/100/threaded http://www.securityfocus.com/bid/17404 http://www.vupen.com/english/advisories/2006/1218 http://www. • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 65%CPEs: 3EXPL: 1CVE-2006-1388 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1388
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. • https://www.exploit-db.com/exploits/1838 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1415.html http://jeffrey.vanderstad.net/grasshopper http://news.zdnet.com/2100-1009_22-6052396.html?tag=zdfd.newsfeed http://secunia.com/advisories/19378 http://securitytracker.com/id?1015800 http://www.kb.cert.org/vuls/id/434641 http://www.osvdb.org/24095 http://www.securityfocus.com/bid/17181 http://www.us-cert.gov/cas/techalerts/TA06-101A.html http://www.vupen&# •
CVSS: 9.3EPSS: 97%CPEs: 4EXPL: 6CVE-2006-1359 – Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)
https://notcve.org/view.php?id=CVE-2006-1359
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. • https://www.exploit-db.com/exploits/1838 https://www.exploit-db.com/exploits/1628 https://www.exploit-db.com/exploits/1606 https://www.exploit-db.com/exploits/1620 https://www.exploit-db.com/exploits/16578 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1427.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1430.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1434.html http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1662. • CWE-94: Improper Control of Generation of Code ('Code Injection') •