CVE-2006-3638
Published Aug 8, 2006
Last updated 3 years ago
Overview
- Description
- Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."
- Source
- secure@microsoft.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-119
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A" }, { "criteria": "cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA3D2175-7DF7-4D57-8B26-5BA68EF7A935" }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A04FEA6-37B0-44B0-844F-55652ABA1F85" }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D56FB8E-2553-47C1-82A2-9E59023780CE" }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8541EEED-94F4-42F8-9719-57F3EC85D52B" }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40372520-08CF-4F64-A7AC-7E0AE0964138" }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83" }, { "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783" } ], "operator": "OR" } ] } ]