Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4193Out-of-bounds Write in Microsoft IE

5 documents4 sources
Severity
7.5HIGHNVD
EPSS
39.0%
top 2.72%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedAug 17
Latest updateMay 1

Description

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-v68f-x6fc-xjfh: Microsoft Internet Explorer 62022-05-01
CVEList
CVE-2006-4193: Microsoft Internet Explorer 62006-08-17

💥Exploits & PoCs

2
Exploit-DB
Microsoft Internet Explorer 6 - 'MSOE.dll' Denial of Service2006-08-15
Exploit-DB
Microsoft Internet Explorer 6 - 'IMSKDIC.dll' Denial of Service2006-08-15
CVE-2006-4193 — Out-of-bounds Write in Microsoft IE | cvebase