CVE-2006-4219 - The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service

CVE-2006-4219

Summary

The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

References

http://securityreason.com/securityalert/1403
http://www.securityfocus.com/archive/1/443493/100/0/threaded
http://www.securityfocus.com/bid/19570
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
https://exchange.xforce.ibmcloud.com/vulnerabilities/28444

Vulnerable Configurations

cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19570
bugtraq	20060817 [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability
misc	http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
sreason	1403
xf	ie-tsuserex-dos(28444)

Last major update

17-10-2018 - 21:34

Published

18-08-2006 - 19:04

Last modified

17-10-2018 - 21:34