Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2383 — Microsoft Internet Explorer vulnerability

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

69.1%

top 1.35%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer

Timeline

PublishedJun 13

Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer5.01, 6+1

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wv8c-jj45-7xj3: Unspecified vulnerability in Microsoft Internet Explorer 5↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Microsoft DXImageTransform.Microsoft.Light - ActiveX Control Remote Code Execution↗2006-06-13

▶