CVE-2006-4446

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer 6.0 SP1

Description The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. Remote code execution is possible if the ActiveX controls are passed unexpected data, which could be achieved by constructing a specially crafted Web page. If successfully exploited, an attacker could take complete control of an affected system.

Recommendations For Microsoft Internet Explorer 6.0 SP1, consider disabling the use of DirectAnimation ActiveX controls until a patch is available. Restrict access to specially crafted Web pages to minimize the risk of exploitation. Avoid using the Spline function with a large number of points in the daxctle.ocx COM object until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.