Denial of Service Vulnerability in Microsoft Internet Explorer's System Information ActiveX Control
CVE-2006-4627

Currently unrated

Key Information:

Vendor: Microsoft
Status: System Information Activex Control
Vendor: CVE Published:; 7 September 2006

What is CVE-2006-4627?

The System Information ActiveX control (msinfo.dll) in Microsoft Internet Explorer is susceptible to a vulnerability that allows remote attackers to exploit the SaveFile function. By sending specially crafted input with excessive lengths for the computer name, filename, or category arguments, an attacker can trigger a crash, resulting in a denial of service. This vulnerability highlights the need for robust security measures in ActiveX components to prevent unauthorized access and potential disruptions.

References

http://www.osvdb.org/28381

vdb-entryx_refsource_OSVDB

http://noderat.spaces.live.com/blog/cns%216ADE4614B66EADD...

x_refsource_MISC

http://www.blogger.com/comment.g?blogID=30557436&postID=1...

x_refsource_MISC

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 7, 2006