CVE-2006-4495

Microsoft IE - Denial of Service

Title source: rule

Description

Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nop · htmldoswindows

https://www.exploit-db.com/exploits/28420

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://securityreason.com/securityalert/1474

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/19636

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/443896/100/100/threaded

[Various Sources] http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/28512

Scores

EPSS 0.5499

EPSS Percentile 98.1%

Details

Status published

Products (5)

microsoft/ie 6.0 sp1

microsoft/windows_2003_server 2000_server (5 CPE variants)

microsoft/windows_2003_server advanced_server (5 CPE variants)

microsoft/windows_2003_server datacenter_server (5 CPE variants)

microsoft/windows_2003_server professional (5 CPE variants)

Published Aug 31, 2006

Tracked Since Feb 18, 2026