CVE-2006-4777 Information

Description

Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1 on Chinese and possibly other Windows distributions allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method possibly related to an integer overflow as demonstrated by daxctle2 and a different vulnerability than CVE-2006-4446.

Reference

http://secunia.com/advisories/21910 http://securityreason.com/securityalert/1577 http://securitytracker.com/id?1016854 http://www.kb.cert.org/vuls/id/377369 http://www.microsoft.com/technet/security/advisory/925444.mspx http://www.osvdb.org/28842 http://www.securityfocus.com/archive/1/445898/100/0/threaded http://www.securityfocus.com/archive/1/446065/100/0/threaded http://www.securityfocus.com/archive/1/446084/100/0/threaded http://www.securityfocus.com/archive/1/446085/100/0/threaded http://www.securityfocus.com/archive/1/446246/100/0/threaded http://www.securityfocus.com/bid/20047 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/3593 http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 https://exchange.xforce.ibmcloud.com/vulnerabilities/28942 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1103