CVE-2006-4301
Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un atributo Color largo en múltiples objetos DirectX Media Image DirectX Transforms ActiveX COM de (a) dxtmsft.dll y (b) dxtmsft3.dll, incluyendo (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1 y (3) DX3DTransform.Microsoft.Shapes.1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-08-21 First Exploit
- 2006-08-22 CVE Reserved
- 2006-08-23 CVE Published
- 2024-04-28 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/1439 | Third Party Advisory | |
| http://www.osvdb.org/29524 | Vdb Entry | |
| http://www.osvdb.org/29525 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/443907/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/28516 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/4251 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/28421 | 2006-08-21 | |
| http://www.securityfocus.com/bid/19640 | 2024-08-07 | |
| http://xsec.org/index.php?module=releases&act=view&type=1&id=17 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|