1. CVE-Search
  2. CVE-2006-4495
ID CVE-2006-4495
Summary Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2000_server:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2000_server:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:2000_server:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:advanced_server:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:advanced_server:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:advanced_server:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_server:sp4:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:professional:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:professional:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:professional:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:professional:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:professional:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:professional:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:professional:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:professional:sp3:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:professional:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:professional:sp4:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19636
bugtraq 20060821 [XSec-06-08]: Windows 2000 Multiple COM Object Instantiation Vulnerability
misc http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16
sreason 1474
xf ie-win2k-com-dos(28512)
Last major update 17-10-2018 - 21:37
Published 31-08-2006 - 22:04
Last modified 17-10-2018 - 21:37
Back to Top