CVE-2006-3638Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.5HIGHNVD
EPSS
64.6%
top 1.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedAug 8
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer5.0.1, 6.0+1
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-4m8q-ffj9-gvq4: Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2006-3638: Microsoft Internet Explorer 52006-08-08
CVE-2006-3638 — Microsoft IE vulnerability | cvebase