CVE-2006-4301

Microsoft Internet Explorer 6.0 SP1 - DoS via Long Color Attribute in DirectX Media Image Transforms

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-4301. PoCs published by DeltahackingTEAM, XSec.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in dxtmsft.dll (DirectX Media) via Internet Explorer 6.0. It uses a VBScript to trigger the overflow by passing an excessively long string to the Chroma.Color property, potentially leading to remote code execution.

Description

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DeltahackingTEAM · htmldoswindows
https://www.exploit-db.com/exploits/4251

This exploit targets a buffer overflow vulnerability in dxtmsft.dll (DirectX Media) via Internet Explorer 6.0. It uses a VBScript to trigger the overflow by passing an excessively long string to the Chroma.Color property, potentially leading to remote code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer 6.0 with dxtmsft.dll (DirectX Media) version 6.00.2900.2180
No auth needed
Prerequisites: Internet Explorer 6.0 with vulnerable dxtmsft.dll · User interaction (clicking a button)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by XSec · htmldoswindows
https://www.exploit-db.com/exploits/28421

This exploit targets a denial-of-service vulnerability in Microsoft Internet Explorer by instantiating specific COM objects and attempting to set their 'Color' property with an excessively large string. The PoC demonstrates the crash potential but does not confirm remote code execution.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer (tested on Windows 2000 SP4/XP SP2)
No auth needed
Prerequisites: Victim must visit a malicious webpage using a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29524
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1439
Exploit, Vendor Advisory x_refsource_misc
http://xsec.org/index.php?module=releases&act=view&type=1&id=17
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/443907/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4251
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19640
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/29525
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28516

Scores

EPSS 0.3896
EPSS Percentile 98.4%

Details

CWE
CWE-20
Status published
Products (1)
microsoft/ie 6.0 sp1
Published Aug 23, 2006
Tracked Since Feb 18, 2026