Vulnerability Name: | CVE-2006-4193 (CCN-28436)
Assigned: | 2006-08-15
Published: | 2006-08-15
Updated: | 2021-07-23
Summary: | Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. Note: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2006-4193
Source: SREASON Type: UNKNOWN 1402
Source: OSVDB Type: UNKNOWN 29345
Source: OSVDB Type: UNKNOWN 29346
Source: OSVDB Type: UNKNOWN 29347
Source: CCN Type: OSVDB ID: 29345 Microsoft IE imskdic.dll COM Object Instantiation Code Execution
Source: CCN Type: OSVDB ID: 29346 Microsoft IE chtskdic.dll COM Object Instantiation Code Execution
Source: CCN Type: OSVDB ID: 29347 Microsoft IE msoe.dll COM Object Instantiation Code Execution
Source: BUGTRAQ Type: UNKNOWN 20060815 [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
Source: BUGTRAQ Type: UNKNOWN 20060815 [XSec-06-03]: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability
Source: BUGTRAQ Type: UNKNOWN 20060815 [XSec-06-04]: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
Source: BID Type: Exploit 19521
Source: CCN Type: BID-19521 Microsoft Internet Explorer IMSKDIC.DLL Denial Of Service Vulnerability
Source: BID Type: Exploit 19529
Source: CCN Type: BID-19529 Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
Source: BID Type: Exploit 19530
Source: CCN Type: BID-19530 Microsoft Internet Explorer MSOE.DLL Denial Of Service Vulnerability
Source: MISC Type: Exploit, Vendor Advisory http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10
Source: CCN Type: XSec Security Advisory XSec-06-02 Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
Source: MISC Type: Exploit, Vendor Advisory http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8
Source: MISC Type: Exploit, Vendor Advisory http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9
Source: XF Type: UNKNOWN ie-imskdic-dos(28436)
Source: XF Type: UNKNOWN ie-chtskdic-dos(28438)
Source: XF Type: UNKNOWN ie-msoe-dos(28439)
Vulnerability Name: | CVE-2006-4193 (CCN-28438)
Assigned: | 2006-08-15
Published: | 2006-08-15
Updated: | 2006-08-15
Summary: | Microsoft Internet Explorer is vulnerable to a denial of service, caused by a memory corruption error when the Microsoft IME (chtskdic.dll) COM object is instantiated as an ActiveX control. A remote attacker could exploit this vulnerability to cause a victim's browser to crash or possibly execute arbitrary code on the victim's system, if the attacker could persuade the victim to visit a malicious Web page.
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2006-4193
Source: CCN Type: Microsoft Corporation Web site Cumulative Update for Internet Explorer 7 for Windows Server 2003
Source: CCN Type: OSVDB ID: 29345 Microsoft IE imskdic.dll COM Object Instantiation Code Execution
Source: CCN Type: OSVDB ID: 29346 Microsoft IE chtskdic.dll COM Object Instantiation Code Execution
Source: CCN Type: OSVDB ID: 29347 Microsoft IE msoe.dll COM Object Instantiation Code Execution
Source: CCN Type: BID-19521 Microsoft Internet Explorer IMSKDIC.DLL Denial Of Service Vulnerability
Source: CCN Type: BID-19529 Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-19530 Microsoft Internet Explorer MSOE.DLL Denial Of Service Vulnerability
Source: CCN Type: XSec Security Advisory XSec-06-03 Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability
Source: XF Type: UNKNOWN ie-chtskdic-dos(28438)
Vulnerability Name: | CVE-2006-4193 (CCN-28439)
Assigned: | 2006-08-15
Published: | 2006-08-15
Updated: | 2018-10-17
Summary: | Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. Note: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Denial of Service
References: |
Source: MITRE Type: CNA CVE-2006-4193
Source: CCN Type: OSVDB ID: 29345 Microsoft IE imskdic.dll COM Object Instantiation Code Execution
Source: CCN Type: OSVDB ID: 29346 Microsoft IE chtskdic.dll COM Object Instantiation Code Execution
Source: CCN Type: OSVDB ID: 29347 Microsoft IE msoe.dll COM Object Instantiation Code Execution
Source: CCN Type: BID-19521 Microsoft Internet Explorer IMSKDIC.DLL Denial Of Service Vulnerability
Source: CCN Type: BID-19529 Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
Source: CCN Type: BID-19530 Microsoft Internet Explorer MSOE.DLL Denial Of Service Vulnerability
Source: CCN Type: XSec Security Advisory XSec-06-04 Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
Source: XF Type: UNKNOWN ie-msoe-dos(28439)