CVE-2006-4193 Information

Description

Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls including (1) imskdic.dll (Microsoft IME) (2) chtskdic.dll (Microsoft IME) and (3) msoe.dll (Outlook) which leads to memory corruption. NOTE: it is not certain whether the issue is in Internet Explorer or the individual DLL files.

Reference

http://securityreason.com/securityalert/1402 http://www.osvdb.org/29345 http://www.osvdb.org/29346 http://www.osvdb.org/29347 http://www.securityfocus.com/archive/1/443290/100/0/threaded http://www.securityfocus.com/archive/1/443295/100/0/threaded http://www.securityfocus.com/archive/1/443299/100/0/threaded http://www.securityfocus.com/bid/19521 http://www.securityfocus.com/bid/19529 http://www.securityfocus.com/bid/19530 http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10 http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8 http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9 https://exchange.xforce.ibmcloud.com/vulnerabilities/28436 https://exchange.xforce.ibmcloud.com/vulnerabilities/28438 https://exchange.xforce.ibmcloud.com/vulnerabilities/28439