CVE-2006-1189

Published: Apr 11, 2006Modified: Apr 16, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."

Affected (4)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5.01
Microsoft Internet Explorer	Version 5.1
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 6.0

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (24)

http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html

Source: secure@microsoft.com

http://secunia.com/advisories/18957

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1015900

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/341028

Source: secure@microsoft.com

US Government Resource

http://www.securityfocus.com/bid/17454

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA06-101A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2006/1318

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/25551

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1020

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1484

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A792

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/bugtraq/2006-04/0227.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/18957

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1015900

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/341028

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/17454

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA06-101A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2006/1318

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/25551

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1020

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1484

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A792

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.