CVE-2006-2383
published 2006-06-13

CVE-2006-2383: Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data"…

Priority P348 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 40.30% (98.5th percentile)
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.

Affected

2 ranges

Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

command: DXTLight.moveLight "-1", "1", "1", "1", "1"
  • Look for invocation of the DXImageTransform.Microsoft.Light ActiveX control's moveLight method with unexpected/negative parameter values (e.g. "-1") in web content, which is the trigger for the vulnerability.
  • The vulnerability is triggered via 'unexpected data' related to 'parameter validation' in the DXImageTransform.Microsoft.Light ActiveX control, causing IE to crash in a way that enables code execution — monitor for ActiveX instantiation of this control in browser processes.
  • Exploit targets Internet Explorer 5.01 SP4 and 6 SP1 and earlier only; patched versions are not affected.
  • The vulnerability is described as 'unspecified' with no further technical detail on the exact memory corruption mechanism beyond parameter validation failure in the ActiveX control.