Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4494 — Out-of-bounds Write in Microsoft Visual Studio

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

51.6%

top 2.10%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Visual Studio

Timeline

PublishedAug 31

Latest updateMay 1

Description

Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/visual_studio6.0

🔴Vulnerability Details

GHSA

GHSA-j5fh-hp66-hvgw: Microsoft Visual Studio 6↗2022-05-01

▶

CVEList

CVE-2006-4494: Microsoft Visual Studio 6↗2006-08-31

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 6 - Visual Studio COM Object Instantiation Denial of Service↗2006-08-08

▶