CVE-2006-4777

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.microsoft.com/technet/security/advisory/925444.mspx", "name": "http://www.microsoft.com/technet/security/advisory/925444.mspx", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/377369", "name": "VU#377369", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://secunia.com/advisories/21910", "name": "21910", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20", "name": "http://www.xsec.org/index.php?module=releases&act=view&type=2&id=20", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/20047", "name": "20047", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/28842", "name": "28842", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1016854", "name": "1016854", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html", "name": "TA06-318A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "http://securityreason.com/securityalert/1577", "name": "1577", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/3593", "name": "ADV-2006-3593", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28942", "name": "ie-directanimation-code-execution(28942)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1103", "name": "oval:org.mitre.oval:def:1103", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067", "name": "MS06-067", "tags": [], "refsource": "MS"}, {"url": "http://www.securityfocus.com/archive/1/446246/100/0/threaded", "name": "20060918 Re: IE ActiveX 0day?", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/446085/100/0/threaded", "name": "20060915 Re: Fwd: IE ActiveX 0day?", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/446084/100/0/threaded", "name": "20060915 RE: IE ActiveX 0day?", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/446065/100/0/threaded", "name": "20060915 Fwd: IE ActiveX 0day?", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/445898/100/0/threaded", "name": "20060913 [0day] daxctle2.c - Internet Explorer COM Object Heap Overflow Download Exec Exploit", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4777", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2006-09-14T00:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:39Z"}