Vulnerability Details : CVE-2006-4193

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.

Vulnerability category: Memory CorruptionExecute codeDenial of service

Published 2006-08-17 01:04:00

Updated 2021-07-23 12:55:04

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-4193

Probability of exploitation activity in the next 30 days: 9.55%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4193

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4193

http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8

Exploit;Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/28436
http://securityreason.com/securityalert/1402
https://exchange.xforce.ibmcloud.com/vulnerabilities/28438
https://exchange.xforce.ibmcloud.com/vulnerabilities/28439
http://www.securityfocus.com/bid/19529

Exploit
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10

Exploit;Vendor Advisory
http://www.securityfocus.com/archive/1/443299/100/0/threaded
http://www.securityfocus.com/bid/19530

Exploit
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9

Exploit;Vendor Advisory
http://www.securityfocus.com/bid/19521

Exploit
http://www.securityfocus.com/archive/1/443290/100/0/threaded
http://www.securityfocus.com/archive/1/443295/100/0/threaded

Products affected by CVE-2006-4193

Microsoft » IE » Version: 6.0 Update SP1
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update SP2
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6.0
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Matching versions