Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3638

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3638
Last Modified 07 Mar 2011 12:00:00
Published 08 Aug 2006 07:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3638

Summary

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 5.0.1

  • Microsoft Ie 6.0


References

CERT - TA06-220A

CERT-VN - VU#959049

MS - MS06-042

VUPEN - ADV-2006-3212

MISC - http://www.tippingpoint.com/security/advisories/TSRT-06-09.html

BID - 19340

BUGTRAQ - 20060808 TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability

OSVDB - 27852

SECTRACK - 1016663

SECUNIA - 21396


Last Updated: 27 May 2016 10:43:05