Unrated severityNVD Advisory· Published Aug 8, 2006· Updated Apr 16, 2026

CVE-2006-3638

Description

Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability."

Affected products

Microsoft/Ie2 versions
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
Microsoft/Internet Explorer6 versions
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21396nvdVendor Advisory
www.vupen.com/english/advisories/2006/3212nvdVendor Advisory
www.kb.cert.org/vuls/id/959049nvdUS Government Resource
www.us-cert.gov/cas/techalerts/TA06-220A.htmlnvdUS Government Resource
securitytracker.com/idnvd
www.osvdb.org/27852nvd
www.securityfocus.com/archive/1/442728/100/0/threadednvd
www.securityfocus.com/bid/19340nvd
www.tippingpoint.com/security/advisories/TSRT-06-09.htmlnvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A719nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.044
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000