PT-2006-5110 · Microsoft · Directx+1

Dr.Pantagon · Published 2006-08-23 · Updated 2018-10-17 · CVE-2006-4301

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Explorer version 6.0 SP1

Description

The issue allows remote attackers to cause a denial of service, resulting in a crash, by utilizing a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects. These objects include DXImageTransform.Microsoft.MaskFilter.1, DXImageTransform.Microsoft.Chroma.1, and DX3DTransform.Microsoft.Shapes.1 from the dxtmsft.dll and dxtmsft3.dll libraries.

Recommendations

For Microsoft Internet Explorer version 6.0 SP1, consider disabling the use of DirectX Media Image DirectX Transforms ActiveX COM Objects, specifically DXImageTransform.Microsoft.MaskFilter.1, DXImageTransform.Microsoft.Chroma.1, and DX3DTransform.Microsoft.Shapes.1, until a patch is available. Restrict access to the dxtmsft.dll and dxtmsft3.dll libraries to minimize the risk of exploitation. Avoid using long Color attributes in these ActiveX objects to prevent potential crashes.

Related Identifiers

CVE-2006-4301

Affected Products

Directx
Internet Explorer