Vulnerability Details : CVE-2006-4494

Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.

Vulnerability category: Memory CorruptionExecute codeDenial of service

Published 2006-08-31 22:04:00

Updated 2018-10-17 21:37:20

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-4494

Probability of exploitation activity in the next 30 days: 15.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4494

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2006-4494

Products affected by CVE-2006-4494

Microsoft » Visual Studio » Version: 6.0
cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio » Version: 6.0 Update SP1
cpe:2.3:a:microsoft:visual_studio:6.0:sp1:*:*:*:*:*:*
Matching versions