CVE-2006-4446
Microsoft Internet Explorer 5.0.1 - Daxctle.OCX Spline Method Heap Buffer Overflow
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
Desbordamiento de búfer basado en montículo en el objeto COM DirectAnimation.PathControl (daxctle.ocx) en Microsoft Internet Explorer 6.0 SP1 permite a atacantes remotos provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante una llamada a la función Spline cuyo primer argumento especifica un número grande de puntos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-08-28 First Exploit
- 2006-08-29 CVE Reserved
- 2006-08-30 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (12)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/21910 | Third Party Advisory | |
http://securityreason.com/securityalert/1468 | Third Party Advisory | |
http://securitytracker.com/id?1016764 | Vdb Entry | |
http://www.osvdb.org/28841 | Vdb Entry | |
http://www.securityfocus.com/archive/1/444504/100/0/threaded | Mailing List | |
http://www.us-cert.gov/cas/techalerts/TA06-318A.html | Third Party Advisory | |
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=19 | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/28608 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A437 | Signature |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/28438 | 2006-08-28 | |
http://www.securityfocus.com/bid/19738 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | 2018-10-17 |