ID CVE-2006-2383
Summary Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 12-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2011-05-16T04:01:53.723-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1821
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (S03,SP1)
    version 67
  • accepted 2011-05-16T04:02:01.073-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1891
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (XP,SP2)
    version 68
  • accepted 2014-02-24T04:00:25.968-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1924
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (Win2K)
    version 70
  • accepted 2014-02-24T04:00:26.104-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1944
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (2K/XP)
    version 70
  • accepted 2011-05-16T04:02:09.831-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:1949
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (WinS03)
    version 67
  • accepted 2011-05-16T04:02:17.721-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
    family windows
    id oval:org.mitre.oval:def:2009
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title ActiveX Control Memory Corruption Vulnerability (64-bit XP)
    version 67
refmap via4
bid 18303
cert TA06-164A
cert-vn VU#417585
ms MS06-021
osvdb 26444
sectrack 1016291
secunia 20595
vupen ADV-2006-2319
xf ie-dximagetransform-execute-code(26768)
Last major update 12-10-2018 - 21:40
Published 13-06-2006 - 19:06
Back to Top