CVE-2006-1303

Опубликовано: 13 июн. 2006

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*

cpe:2.3:a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.58944

Средний

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-2frj-fwfm-cr3g

github

почти 4 года назад