9.3

CVE-2006-0020

Exploit

EPSS 49.91%
Veröffentlicht 10.01.2006 21:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000 Updatesp4 Langfr

Microsoft ≫ Windows 2003 Server Versionr2

Microsoft ≫ Windows 2003 Server Versionsp1

Microsoft ≫ Windows 98 Updategold

Microsoft ≫ Windows 98se

Microsoft ≫ Windows Me

Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	49.91%	0.978

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://linuxbox.org/pipermail/funsec/2006-January/002828.html

Vendor Advisory

Exploit

http://secunia.com/advisories/18729

Patch

Vendor Advisory

http://secunia.com/advisories/18912

Vendor Advisory

http://www.kb.cert.org/vuls/id/312956

Patch

Third Party Advisory

US Government Resource

http://www.microsoft.com/technet/security/advisory/913333.mspx

Vendor Advisory

http://www.osvdb.org/22976

http://www.securityfocus.com/bid/16516

Patch

http://www.us-cert.gov/cas/techalerts/TA06-045A.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2006/0469

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-004

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1638

https://nvd.nist.gov/vuln/detail/CVE-2006-0020

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0020

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0020

EUVD