CERT-In Vulnerability Note CIVN-2006-115
Microsoft Internet Explorer "daxctle.ocx" KeyFrame and HTML Rendering Memory Corruption Vulnerability
Original Issue Date: November 15, 2006
Severity Rating: High
Systems Affected
- Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
- Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
- Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
- Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
- Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
- Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
- Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
- Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
- Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
- Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
- Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
- Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
- Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition
Overview
Two remote code execution vulnerabilities have been reported in Microsoft Internet Explorer that could be exploited by an attacker to take complete control of the vulnerable system.
Description
1. DirectAnimation ActiveX Controls Memory Corruption Vulnerabilities (CVE-2006-4446, CVE-2006-4777)
This vulnerability is caused by a memory corruption error while processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object. (This issue has already been described in CIVN-2006-91.)
It has been observed that exploit code for the vulnerability is publicly available.
2. HTML Rendering Memory Corruption Vulnerability (CVE-2006-4687)
This vulnerability is caused by a memory corruption error while handling a specially crafted HTML file with certain HTML layout combinations.
An attacker could exploit these vulnerabilities by creating and hosting a malicious website and persuading the user to visit it, typically by getting them to click on a link to the website. Successful exploitation could cause a denial of service or execute arbitrary code to take complete control of the vulnerable system.
Workarounds
- Prevent the Microsoft DirectAnimation Path ActiveX control from running in Internet Explorer
- Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.
- Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
- Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
- Modify the Access Control List on Daxctle.ocx to be more restrictive
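A read-only PowerShell check for the kill-bit and security-zone workarounds listed above, added here as an example and not part of the CERT-In note or Microsoft's bulletin. The CLSID is a placeholder (this note does not give it; take it from the Microsoft advisory listed under References), and the function and variable names are hypothetical.

```powershell
# Added example: read-only audit of the kill-bit and zone workarounds above.
# Placeholder CLSID: substitute the DirectAnimation Path control's CLSID from
# the Microsoft advisory listed under References.
$PathControlClsid = '{00000000-0000-0000-0000-000000000000}'

$KillBit   = 0x400  # "Compatibility Flags" bit that stops IE loading a control
$CompatKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
# Per-user zone settings; values enforced by policy live elsewhere and are not read.
$ZonesKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Policy    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-KillBit {
    param([Parameter(Mandatory = $true)][string]$Clsid)
    $item = Get-ItemProperty -LiteralPath "$CompatKey\$Clsid" -ErrorAction SilentlyContinue
    # A missing key or value means no kill bit has been set for this control.
    if ($null -eq $item) { return $false }
    $flags = $item.'Compatibility Flags'
    if ($null -eq $flags) { return $false }
    return (($flags -band $KillBit) -eq $KillBit)
}

function Get-ZoneFindings {
    foreach ($zone in ($Zones.Keys | Sort-Object)) {
        $props = Get-ItemProperty -LiteralPath "$ZonesKey\$zone" -ErrorAction SilentlyContinue
        foreach ($action in ($Actions.Keys | Sort-Object)) {
            $value = $null
            if ($props) { $value = $props.$action }
            $state = 'not set'
            if ($null -ne $value) { $state = $Policy[[int]$value] }
            New-Object PSObject -Property @{
                Zone      = $Zones[$zone]
                Setting   = $Actions[$action]
                State     = $state
                # Prompt (1) or Disable (3) matches the workaround; Enable (0) does not.
                Mitigated = (@(1, 3) -contains $value)
            }
        }
    }
}

"Kill bit set for ${PathControlClsid}: $(Test-KillBit -Clsid $PathControlClsid)"
Get-ZoneFindings | Format-Table Zone, Setting, State, Mitigated -AutoSize
```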
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-067
References
Microsoft
http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx
http://www.microsoft.com/technet/security/advisory/925444.mspx
FrSIRT
http://www.frsirt.com/english/advisories/2006/3593
CVE-Name
CVE-2006-4777
CVE-2006-4446
CVE-2006-4687
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
