CVE-2006-4301

Microsoft IE - Improper Input Validation

Title source: rule

Description

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DeltahackingTEAM · html · dos · windows
https://www.exploit-db.com/exploits/4251
exploitdb WORKING POC VERIFIED
by XSec · html · dos · windows
https://www.exploit-db.com/exploits/28421

Scores

EPSS 0.3938
EPSS Percentile 97.3%

Details

CWE CWE-20
Status published
Products (1)
microsoft/ie 6.0 sp1
Published Aug 23, 2006
Tracked Since Feb 18, 2026