Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-4777: Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

Severity
7.6 HIGH NVD
CNA 5.0 VulnCheck 5.0
EPSS
87.6%
top 0.53%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published Sep 14
Latest update May 1

Description

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0

Affected Packages: 1 package

NVD: microsoft/ie 6.0

🔴Vulnerability Details (3)

GHSA | GHSA-h8xv-8m4r-fp4f: Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation | 2022-05-01
CVEList | CVE-2006-4777: Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation | 2006-09-14
VulnCheck | Microsoft Internet Explorer Improper Restriction of Operations within the Bounds of a Memory Buffer | 2006

💥Exploits & PoCs (3)

Exploit-DB | Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit) | 2010-07-16
Exploit-DB | Microsoft Internet Explorer - COM Object Remote Heap Overflow | 2006-09-13
Exploit-DB | Linux Kernel 2.6.13 < 2.6.17.4 - 'sys_prctl()' Local Privilege Escalation (4) | 2006-07-14