CVE-2006-2383

Microsoft Internet Explorer <6 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2383. PoCs published by Will Dormann.

AI-analyzed exploit summary This exploit targets a vulnerability in the DXImageTransform.Microsoft.Light ActiveX control (dxtmsft.dll) by passing negative parameters to the moveLight method, causing an access violation and potential remote code execution in Internet Explorer 6.

Description

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Will Dormann · textremotewindows

https://www.exploit-db.com/exploits/27984

View Code ZIP pw:eip

This exploit targets a vulnerability in the DXImageTransform.Microsoft.Light ActiveX control (dxtmsft.dll) by passing negative parameters to the moveLight method, causing an access violation and potential remote code execution in Internet Explorer 6.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 6 with DirectX Media

No auth needed

Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6 · ActiveX controls must be enabled

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1924

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20595

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2319

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18303

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016291

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA06-164A.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/26768

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2009

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/26444

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1821

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/417585

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1891

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1949

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1944

Scores

EPSS 0.4030

EPSS Percentile 98.5%

Details

Status published

Products (2)

microsoft/internet_explorer 5.01 sp4

microsoft/internet_explorer 6 sp1

Published Jun 13, 2006

Tracked Since Feb 18, 2026