Nop

**Name of the Vulnerable Software and Affected Versions** Internet Explorer 6.0 SP1 **Description** The issue allows remote attackers to execute arbitrary code via manipulations in arguments to the `KeyFrame` method of the DirectAnimation Path Control COM object. This could be related to an integer overflow. The vulnerability can be exploited if the ActiveX controls are passed unexpected data, potentially allowing remote code execution if a user visits a specially crafted Web page. An attacker who successfully exploits this issue could take complete control of an affected system. **Recommendations** For Internet Explorer 6.0 SP1, consider disabling the DirectAnimation ActiveX controls until a patch is available. Restrict access to the `daxctle.ocx` COM object to minimize the risk of exploitation. Avoid using the `KeyFrame` method in the affected ActiveX controls until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Microsoft Visual Studio version 6.0 **Description** The issue allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll. **Recommendations** For Microsoft Visual Studio version 6.0, consider disabling the instantiation of the specified ActiveX COM Objects in Internet Explorer as a temporary workaround until a patch is available. Restrict access to these objects to minimize the risk of exploitation. Avoid using these objects in Internet Explorer until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects, including `ciodm.dll`, `myinfo.dll`, `msdxm.ocx`, and `creator.dll`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer 6.0 SP1 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. Remote code execution is possible if the ActiveX controls are passed unexpected data, which could be achieved by constructing a specially crafted Web page. If successfully exploited, an attacker could take complete control of an affected system. **Recommendations** For Microsoft Internet Explorer 6.0 SP1, consider disabling the use of DirectAnimation ActiveX controls until a patch is available. Restrict access to specially crafted Web pages to minimize the risk of exploitation. Avoid using the Spline function with a large number of points in the `daxctle.ocx` COM object until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows 2003 EE SP1 CN Internet Explorer 6.0 SP1 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating the Terminal Services COM object (tsuserex.dll) as an ActiveX object in Internet Explorer. **Recommendations** For Microsoft Windows 2003 EE SP1 CN, update the system to prevent exploitation. For Internet Explorer 6.0 SP1, avoid instantiating the Terminal Services COM object (tsuserex.dll) as an ActiveX object until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer version 6.0 SP1 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls. This includes instantiating certain DLL files, such as `imskdic.dll` (Microsoft IME), `chtskdic.dll` (Microsoft IME), and `msoe.dll` (Outlook), which leads to memory corruption. **Recommendations** For Microsoft Internet Explorer version 6.0 SP1, consider restricting the instantiation of COM objects as ActiveX controls to minimize the risk of exploitation. As a temporary workaround, avoid using the affected DLL files, including `imskdic.dll`, `chtskdic.dll`, and `msoe.dll`, until a patch is available.