Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4495 — Out-of-bounds Write in Microsoft IE

4 documents4 sources

Severity

7.5HIGHNVD

EPSS

55.0%

top 1.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft IE Microsoft Windows 2003 Server

Timeline

PublishedAug 31

Latest updateMay 1

Description

Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server4 versions+3

▶NVDmicrosoft/ie6.0

🔴Vulnerability Details

GHSA

GHSA-jqfg-7337-c7c8: Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiat↗2022-05-01

▶

CVEList

CVE-2006-4495: Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiat↗2006-08-31

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Server 2000 - Multiple COM Object Instantiation Code Execution Vulnerabilities↗2006-08-21

▶