Vulnerability Description
Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6.0 |
| Microsoft | Internet Explorer | 6.0 |
References
- http://securityreason.com/securityalert/1402
- http://www.osvdb.org/29345
- http://www.osvdb.org/29346
- http://www.osvdb.org/29347
- http://www.securityfocus.com/archive/1/443290/100/0/threaded
- http://www.securityfocus.com/archive/1/443295/100/0/threaded
- http://www.securityfocus.com/archive/1/443299/100/0/threaded
- http://www.securityfocus.com/bid/19521Exploit
- http://www.securityfocus.com/bid/19529Exploit
- http://www.securityfocus.com/bid/19530Exploit
- http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10ExploitVendor Advisory
- http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8ExploitVendor Advisory
- http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28436
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28438
FAQ
What is CVE-2006-4193?
CVE-2006-4193 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX control...
How severe is CVE-2006-4193?
CVE-2006-4193 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4193?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.