SB2006091403 - Multiple vulnerabilities in Microsoft Internet Explorer

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2006091403

SB2006091403 - Multiple vulnerabilities in Microsoft Internet Explorer

Published: September 14, 2006 Updated: December 7, 2016

Security Bulletin ID SB2006091403
Severity
Critical
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 67% High 33%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2006-4687)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to memory corruption when handling certain layout combinations during HTML rendering process, which involve DIV tags and HTML CSS float properties. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.


2) Heap-based buffer overflow (CVE-ID: CVE-2006-4446)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow in DirectAnimation.PathControl ActiveX control (daxctle.ocx) when handling unexpected input. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.


3) Heap-based buffer overflow (CVE-ID: CVE-2006-4777)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow within DirectAnimation Path ActiveX control (daxctle.ocx) when handling unexpected input. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.


Remediation

Install update from vendor's website.

References