CVE-2006-4494

Microsoft Visual Studio - Denial of Service

Title source: rule

Description

Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.

Exploits (1)

exploitdb WORKING POC VERIFIED

by XSec · htmldoswindows

https://www.exploit-db.com/exploits/28401

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/443499/100/100/threaded

[Exploit, Vendor Advisory] http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19572

[Third Party Advisory] http://securityreason.com/securityalert/1473

Scores

EPSS 0.5161

EPSS Percentile 97.9%

Details

Status published

Products (1)

microsoft/visual_studio 6.0 (2 CPE variants)

Published Aug 31, 2006

Tracked Since Feb 18, 2026