Vulnerabilities > CVE-2006-2383 - Unspecified vulnerability in Microsoft Internet Explorer 5.01/6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability. CVE-2006-2383. Remote exploit for windows platform |
id | EDB-ID:27984 |
last seen | 2016-02-03 |
modified | 2006-06-13 |
published | 2006-06-13 |
reporter | Will Dormann |
source | https://www.exploit-db.com/download/27984/ |
title | Microsoft DXImageTransform.Microsoft.Light ActiveX Control Remote Code Execution Vulnerability |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-021.NASL |
description | The remote host is missing the IE cumulative security update 916281. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21685 |
published | 2006-06-13 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21685 |
title | MS06-021: Cumulative Security Update for Internet Explorer (916281) |
code |
|
Oval
accepted 2011-05-16T04:01:53.723-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. family windows id oval:org.mitre.oval:def:1821 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ActiveX Control Memory Corruption Vulnerability (S03,SP1) version 68 accepted 2011-05-16T04:02:01.073-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. family windows id oval:org.mitre.oval:def:1891 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ActiveX Control Memory Corruption Vulnerability (XP,SP2) version 69 accepted 2014-02-24T04:00:25.968-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Anna Min organization BigFix, Inc name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. family windows id oval:org.mitre.oval:def:1924 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ActiveX Control Memory Corruption Vulnerability (Win2K) version 71 accepted 2014-02-24T04:00:26.104-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. family windows id oval:org.mitre.oval:def:1944 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ActiveX Control Memory Corruption Vulnerability (2K/XP) version 71 accepted 2011-05-16T04:02:09.831-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. family windows id oval:org.mitre.oval:def:1949 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ActiveX Control Memory Corruption Vulnerability (WinS03) version 68 accepted 2011-05-16T04:02:17.721-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. family windows id oval:org.mitre.oval:def:2009 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ActiveX Control Memory Corruption Vulnerability (64-bit XP) version 68
References
- http://www.kb.cert.org/vuls/id/417585
- http://www.securityfocus.com/bid/18303
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://securitytracker.com/id?1016291
- http://secunia.com/advisories/20595
- http://www.osvdb.org/26444
- http://www.vupen.com/english/advisories/2006/2319
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26768
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2009
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1949
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1944
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1924
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1891
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1821
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021