Vulnerability Description
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Visual Studio | 6.0 |
References
- http://securityreason.com/securityalert/1473
- http://www.securityfocus.com/archive/1/443499/100/100/threaded
- http://www.securityfocus.com/bid/19572
- http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15ExploitVendor Advisory
- http://securityreason.com/securityalert/1473
- http://www.securityfocus.com/archive/1/443499/100/100/threaded
- http://www.securityfocus.com/bid/19572
- http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15ExploitVendor Advisory
FAQ
What is CVE-2006-4494?
CVE-2006-4494 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects ...
How severe is CVE-2006-4494?
CVE-2006-4494 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4494?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Visual Studio.