CVE-2006-1303Code Injection in Microsoft IE

CWE-94Code Injection4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
52.8%
top 2.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJun 13
Latest updateMay 1

Description

Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffect

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 6.0+1
NVDmicrosoft/ie5.0.1, 6.0+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-2frj-fwfm-cr3g: Multiple unspecified vulnerabilities in Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2006-1303: Multiple unspecified vulnerabilities in Microsoft Internet Explorer 52006-06-13
CVE-2006-1303 — Code Injection in Microsoft IE | cvebase