Vulnerability Name: | CVE-2006-4494 (CCN-28511) | ||||||||
Assigned: | 2006-08-18 | ||||||||
Published: | 2006-08-18 | ||||||||
Updated: | 2018-10-17 | ||||||||
Summary: | Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 6.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Denial of Service | ||||||||
References: | Source: MITRE Type: CNA CVE-2006-4494 Source: SREASON Type: UNKNOWN 1473 Source: CCN Type: OSVDB ID: 29501 Microsoft Visual Studio Multiple ActiveX COM Object Remote Memory Corruption Source: BUGTRAQ Type: UNKNOWN 20060817 [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability Source: BID Type: UNKNOWN 19572 Source: CCN Type: BID-19572 Microsoft Internet Explorer Visual Studio COM Object Instantiation Denial of Service Vulnerability Source: CCN Type: XSec Security Advisory XSec-06-07 Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability Source: MISC Type: Exploit, Vendor Advisory http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15 Source: XF Type: UNKNOWN ie-vs-com-dos(28511) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |