Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4301Improper Input Validation in Microsoft IE

CWE-20Improper Input Validation5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
39.4%
top 2.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedAug 23
Latest updateMay 1

Description

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-mhjw-h29g-6j5j: Microsoft Internet Explorer 62022-05-01
CVEList
CVE-2006-4301: Microsoft Internet Explorer 62006-08-23

💥Exploits & PoCs

2
Exploit-DB
Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service2007-07-31
Exploit-DB
Microsoft Internet Explorer 6 - Multiple COM Object Color Property Denial of Service Vulnerabilities2006-08-21
CVE-2006-4301 — Improper Input Validation in Microsoft | cvebase