CVE-2006-4494

Description

Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.

Affected products

• Microsoft / visual_studio6.0 – 6.0
• Microsoft / visual_studio6.0 – 6.0

References

• MISChttp://www.securityfocus.com/archive/1/443499/100/100/threaded
• MISChttp://www.xsec.org/index.php?module=releases&act=view&type=1&id=15
• MISChttp://www.securityfocus.com/bid/19572
• MISChttp://securityreason.com/securityalert/1473