Internet Explorer isComponentInstalled buffer overflow

Added: 03/16/2006
CVE: CVE-2006-1016
BID: 16870
OSVDB: 31647

Background

The isComponentInstalled method allows scripts to determine which components are installed.

Problem

Internet Explorer is affected by a buffer overflow in the isComponentInstalled method which can lead to remote command execution.

Resolution

Apply Windows 2000 Service Pack 4 or Windows XP Service Pack 2.

References

http://www.securityfocus.com/bid/16870

Limitations

Exploit works on Internet Explorer 5.01 SP3 and 6.0 SP0 and requires a user to load the exploit URL.

Platforms

Windows 2000
Windows XP

Back to exploit index