RULE(RULE ID:713587)

Rule General Information
Release Date: 2014-12-30
Rule Name: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability (CVE-2006-1303)
Severity:
CVE ID:
Rule Protection Details
Description: Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1)DXImageTransform.Microsoft.MMSpecialEffect1Input, (2)DXImageTransform.Microsoft.MMSpecialEffect1Input.1,(3)DXImageTransform.Microsoft.MMSpecialEffect2Inputs,(4)DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5)DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6)DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection.
Impact: An attacker can execute arbitrary code in the context of the vulnerable system. Failed exploit may cause denial-of-service attack.
Affected OS: Windows
Reference: MicrosoftSecurityBulletin:ms06-021
SecurityFocusBID:18328
Solutions
Microsoft has released a patch MS06-021 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/bulletin/ms06-021.mspx