ID CVE-2006-2383
Summary Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.01 Service Pack 4
    cpe:2.3:a:microsoft:ie:5.01:sp4
  • Microsoft Internet Explorer 6 Service Pack 1
    cpe:2.3:a:microsoft:ie:6:sp1
CVSS
Base: 9.3 (as of 14-06-2006 - 12:42)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
description Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability. CVE-2006-2383. Remote exploit for windows platform
id EDB-ID:27984
last seen 2016-02-03
modified 2006-06-13
published 2006-06-13
reporter Will Dormann
source https://www.exploit-db.com/download/27984/
title Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS06-021.NASL
description The remote host is missing the IE cumulative security update 916281. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host.
last seen 2019-02-21
modified 2018-11-15
plugin id 21685
published 2006-06-13
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21685
title MS06-021: Cumulative Security Update for Internet Explorer (916281)
oval via4
  • accepted 2011-05-16T04:01:53.723-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1821
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (S03,SP1)
    version 67
  • accepted 2011-05-16T04:02:01.073-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1891
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (XP,SP2)
    version 68
  • accepted 2014-02-24T04:00:25.968-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1924
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (Win2K)
    version 70
  • accepted 2014-02-24T04:00:26.104-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1944
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (2K/XP)
    version 70
  • accepted 2011-05-16T04:02:09.831-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1949
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (WinS03)
    version 67
  • accepted 2011-05-16T04:02:17.721-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:2009
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (64-bit XP)
    version 67
refmap via4
bid 18303
cert TA06-164A
cert-vn VU#417585
ms MS06-021
osvdb 26444
sectrack 1016291
secunia 20595
vupen ADV-2006-2319
xf ie-dximagetransform-execute-code(26768)
Last major update 07-03-2011 - 21:36
Published 13-06-2006 - 15:06
Last modified 12-10-2018 - 17:40