CVE-2006-4777

high
Description

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.

References

http://secunia.com/advisories/21910

http://securityreason.com/securityalert/1577

http://securitytracker.com/id?1016854

http://www.kb.cert.org/vuls/id/377369

http://www.microsoft.com/technet/security/advisory/925444.mspx

http://www.osvdb.org/28842

http://www.securityfocus.com/archive/1/445898/100/0/threaded

http://www.securityfocus.com/archive/1/446065/100/0/threaded

http://www.securityfocus.com/archive/1/446084/100/0/threaded

http://www.securityfocus.com/archive/1/446085/100/0/threaded

http://www.securityfocus.com/archive/1/446246/100/0/threaded

http://www.securityfocus.com/bid/20047

http://www.us-cert.gov/cas/techalerts/TA06-318A.html

http://www.vupen.com/english/advisories/2006/3593

http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067

https://exchange.xforce.ibmcloud.com/vulnerabilities/28942

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103

Details

Source: MITRE

Published: 2006-09-14

Updated: 2018-10-17

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.6

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 4.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

Tenable Plugins

ID: 23644

Name: MS06-067: Cumulative Security Update for Internet Explorer (922760)

Product: Nessus

Family: Windows : Microsoft Bulletins

Severity: high