CVE-2006-4301

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer version 6.0 SP1

Description The issue allows remote attackers to cause a denial of service, resulting in a crash, by utilizing a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects. These objects include DXImageTransform.Microsoft.MaskFilter.1, DXImageTransform.Microsoft.Chroma.1, and DX3DTransform.Microsoft.Shapes.1 from the dxtmsft.dll and dxtmsft3.dll libraries.

Recommendations For Microsoft Internet Explorer version 6.0 SP1, consider disabling the use of DirectX Media Image DirectX Transforms ActiveX COM Objects, specifically DXImageTransform.Microsoft.MaskFilter.1, DXImageTransform.Microsoft.Chroma.1, and DX3DTransform.Microsoft.Shapes.1, until a patch is available. Restrict access to the dxtmsft.dll and dxtmsft3.dll libraries to minimize the risk of exploitation. Avoid using long Color attributes in these ActiveX objects to prevent potential crashes.