CVE-2006-4777

Name of the Vulnerable Software and Affected Versions Internet Explorer 6.0 SP1

Description The issue allows remote attackers to execute arbitrary code via manipulations in arguments to the KeyFrame method of the DirectAnimation Path Control COM object. This could be related to an integer overflow. The vulnerability can be exploited if the ActiveX controls are passed unexpected data, potentially allowing remote code execution if a user visits a specially crafted Web page. An attacker who successfully exploits this issue could take complete control of an affected system.

Recommendations For Internet Explorer 6.0 SP1, consider disabling the DirectAnimation ActiveX controls until a patch is available. Restrict access to the daxctle.ocx COM object to minimize the risk of exploitation. Avoid using the KeyFrame method in the affected ActiveX controls until the issue is resolved.