| Revision Date: | 2015-08-03 | Version: | 51 | | Title: | COM Object Instantiation Memory Corruption Vulnerability | | Description: | Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | | Family: | windows | Class: | vulnerability | | Status: | ACCEPTED | Reference(s): | CVE-2006-3638
| | Platform(s): | Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
| Product(s): | Microsoft Internet Explorer
| | Definition Synopsis | | Server 2003-Gold Microsoft Windows Server 2003 (x86) Gold is installed
AND Microsoft Internet Explorer 6 is installed
AND the version of mshtml.dll is less than 6.0.3790.554
XP,SP1 (64-bit) and Server 2003, SP1
Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed
Microsoft Windows XP SP1 (64-bit) is installed
OR Microsoft Windows Server 2003 SP1 (x86) is installed
AND Microsoft Internet Explorer 6 is installed
AND the version of mshtml.dll is less than 6.0.3790.2759
IE 6 on Windows XP,SP2
Microsoft Windows XP SP2 or later is installed
AND Microsoft Internet Explorer 6 is installed
AND Mshtml.dll version is less than 6.0.2900.2963
IE 6 on Windows 2000 or XP,SP1 (32-bit)
Win2K,SP4 or XP,SP1 (32-bit) is installed
Microsoft Windows 2000 SP4 or later is installed
OR Microsoft Windows XP SP1 (32-bit) is installed
AND Microsoft Internet Explorer 6 is installed
AND the version of mshtml.dll is less than 6.0.2800.1561
IE 5.01,SP4 on Win2k,SP4
Microsoft Windows 2000 SP4 or later is installed
AND Microsoft Internet Explorer 5.01 SP4 is installed
AND the version of mshtml.dll is less than 5.0.3842.3000
|
|