Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1303

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-1303
Last Modified 15 Apr 2011 12:00:00
Published 13 Jun 2006 03:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1303

Summary

Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.

Vulnerable Systems

Application

  • Microsoft Ie 5.0.1

  • Microsoft Ie 6.0


References

CERT-VN - VU#959049

BID - 18328

MS - MS06-021

XF - ie-wmm2fxadll-execute-code(26774)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-018.html

VUPEN - ADV-2006-2319

BUGTRAQ - 20060613 ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability

OSVDB - 26442

SECTRACK - 1016291

SECUNIA - 20595


Last Updated: 27 May 2016 10:42:00