Vulnerability CVE-2006-4219

Vulnerability Name:

CVE-2006-4219 (CCN-28444)

Assigned:

2006-08-18

Published:

2006-08-18

Updated:

2018-10-17

Summary:

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2006-4219

Source: SREASON
Type: UNKNOWN
1403

Source: CCN
Type: OSVDB ID: 29351
Microsoft Windows Terminal Services tsuserex.dll COM Object Instantiation

Source: BUGTRAQ
Type: UNKNOWN
20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability

Source: BID
Type: Exploit
19570

Source: CCN
Type: BID-19570
Microsoft Internet Explorer TSUserEX.DLL ActiveX Control Memory Corruption Vulnerability

Source: CCN
Type: XSec Security Advisory XSec-06-06
Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability

Source: MISC
Type: Exploit
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14

Source: XF
Type: UNKNOWN
ie-tsuserex-dos(28444)

Source: XF
Type: UNKNOWN
ie-tsuserex-dos(28444)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

Denotes that component is vulnerable

BACK