CVE-2006-4193 - Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a d

CVE-2006-4193

Summary

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19521 19529 19530
bugtraq	20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability 20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability 20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
misc	http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10 http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8 http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9
osvdb	29345 29346 29347
sreason	1402
xf	ie-chtskdic-dos(28438) ie-imskdic-dos(28436) ie-msoe-dos(28439)

Last major update

23-07-2021 - 12:55

Published

17-08-2006 - 01:04

Last modified

23-07-2021 - 12:55