Rule General Information |
---|
Release Date: | 2021-03-26 | |
Rule Name: | Microsoft Internet Explorer daxctle.ocx Spline Method Buffer Overflow Vulnerability (CVE-2006-4446) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | There exists a buffer overflow in the DirectAnimation ActiveX control. The flaw is due to improper validation of user-supplied arguments to the Spline() method of the affected object. By persuading the target user to visit a malicious web site, an attacker may execute arbitrary code on the target system with the privileges of the currently logged-on user. In an attack case where code injection is not successful, the affected application will terminate abnormally. In a more sophisticated attack where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. | |
Impact: | A buffer overflow vulnerability can be triggered by an attacker in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service. | |
Affected OS: | Windows, Linux, Others | |
Reference: | SecurityFocus BID: 19738; Microsoft Security Bulletin: MS06-067; http://securityreason.com/securityalert/1468; SecurityTracker ID: 1016764 |
|
Solutions |
---|
Microsoft has released patch MS06-067 to eliminate the vulnerability. The patch can be downloaded at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 |