HOME > VULNERABILITY NOTES


   VULNERABILITY NOTES

CERT-In Vulnerability Note CIVN-2006-91
Microsoft Internet Explorer "daxctle.ocx" KeyFrame Memory Corruption Vulnerability

Original Issue Date: September 15, 2006
Updated on: November 15, 2006

Severity Rating: High

Systems Affected

  • Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
  • Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
  • Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  • Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
  • Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition

Overview

A remote code execution vulnerability has been reported in Microsoft Internet Explorer that could be exploited by an attackers to take complete control of the vulnerable system.

Description

The vulnerability is caused due to a memory corruption error while processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object.

The attacker could exploit this vulnerability by creating and hosting a malicious website and by persuading the user to visit the website typically by getting them click on a link to the website and could cause denial of service or execute the arbitrary code to take complete control of the vulnerable system.

It has been observed that exploit code for the vulnerability is publicly available.

Workarounds

  • Prevent the Microsoft DirectAnimation Path ActiveX control from running in Internet Explorer
  • Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.
  • Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
  • Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones.
  • Modify the Access Control List on Daxctle.ocx to be more restrictive

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin MS06-067

References

Microsoft
http://www.microsoft.com/technet/security/advisory/925444.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-067.mspx

FrSIRT
http://www.frsirt.com/english/advisories/2006/3593

CVE Name
CVE-2006-4777

Revisions:
September 19, 2006: References, workarounds.
November 15, 2006: Workarounds, Solution and Reference.

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003