Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13804
HistoryAug 09, 2006 - 12:00 a.m.

[Full-disclosure] TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability

2006-08-0900:00:00
vulners.com
23
JSON

TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption
Vulnerability

http://www.tippingpoint.com/security/advisories/TSRT-06-09.html
August 8, 2006

– CVE ID:
CVE-2006-3638

– Affected Vendor:
Microsoft

– Affected Products:
Internet Explorer 6 All Versions
Internet Explorer 5 SP4

– TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability since August 8, 2006 by Digital Vaccine protection
filter ID 4593. For further product information on the TippingPoint IPS:

http://www.tippingpoint.com

– Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Microsoft Internet Explorer. User
interaction is required to exploit this vulnerability in that the
target must visit a malicious page.

The specific flaw exists in the DirectAnimation.DATuple ActiveX control
when improperly calling the Nth() method. By supplying a positive
integer we can control a data reference calculation that is later used
to control execution. The problem is due to the lack of sanity checking
on the index used during a call to TupleNthBvrImpl::GetTypeInfo() in
danim.dll.

– Vendor Response:
Microsoft has issued an update to correct this vulnerability. More
details can be found at:

http://www.microsoft.com/technet/security/bulletin/MS06-042.mspx

– Disclosure Timeline:
2006.04.27 - Vulnerability reported to vendor
2006.08.08 - Digital Vaccine released to TippingPoint customers
2006.08.08 - Coordinated public release of advisory

– Credit:
This vulnerability was discovered by Cody Pierce, Tipping Point Security
Research Team.

– About the TippingPoint Security Research Team (TSRT):
The TippingPoint Security Research Team (TSRT) consists of industry
recognized security researchers that apply their cutting-edge
engineering, reverse engineering and analysis talents in our daily
operations. More information about the team is available at:

http://www.tippingpoint.com/security

The by-product of these efforts fuels the creation of vulnerability
filters that are automatically delivered to our customers' intrusion
prevention systems through the Digital Vaccine(R) service.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Related

cve 1
checkpoint_advisories 2
cert 1
securityvulns 1
nessus 1
cve
cve
CVE-2006-3638
2006-08-08 23:04:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer DirectAnimation COM Object Memory Corruption (MS06-042; CVE-2006-3638)
2009-10-22 00:00:00
Update Protection against Microsoft Internet Explorer Memory Corruption Vulnerabilities (MS06-042)
2006-10-11 00:00:00
cert
cert
Multiple COM objects cause memory corruption in Microsoft Internet Explorer
2005-08-09 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899)
2006-08-08 00:00:00
nessus
nessus
MS06-042: Cumulative Security Update for Internet Explorer (918899)
2006-08-08 00:00:00
JSON
Related for SECURITYVULNS:DOC:13804
cve1checkpoint_advisories2cert1securityvulns1nessus1