PT-2006-4510 · Microsoft · Directanimation.Datuple+1
Cody Pierce
+1
·
Published
2006-08-08
·
Updated
2021-07-23
·
CVE-2006-3638
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Microsoft Internet Explorer versions 5.01 through 6
Description
The issue arises from the improper handling of uninitialized COM objects, which can lead to memory corruption and potentially allow the execution of arbitrary code. This can be exploited through a specially crafted web page, potentially enabling an attacker to take complete control of an affected system.
Recommendations
For Microsoft Internet Explorer versions 5.01 through 6, consider disabling the instantiation of COM objects not intended for use in Internet Explorer as a temporary workaround until a patch is available. Restrict access to potentially vulnerable ActiveX controls, such as DirectAnimation.DATuple, to minimize the risk of exploitation.
Fix
RCE
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Directanimation.Datuple
Internet Explorer