9.3
CVE-2006-3086
- EPSS 56.46%
- Veröffentlicht 19.06.2006 19:02:00
- Zuletzt bearbeitet 16.06.2026 22:26:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 56.46% | 0.989 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
http://marc.info/?l=full-disclosure&m=115067840426070&w=2
http://secunia.com/advisories/20748
http://securitytracker.com/id?1016339
http://www.kb.cert.org/vuls/id/394444
http://www.osvdb.org/26666
http://www.securityfocus.com/archive/1/438057/100/0/threaded
http://www.securityfocus.com/archive/1/438093/100/0/threaded
http://www.securityfocus.com/archive/1/438096/100/0/threaded
http://www.securityfocus.com/archive/1/438156/100/0/threaded
http://www.securityfocus.com/archive/1/438373/100/0/threaded
http://www.securityfocus.com/archive/1/442724/100/0/threaded
http://www.securityfocus.com/bid/18500
http://www.tippingpoint.com/security/advisories/TSRT-06-10.html
http://www.vupen.com/english/advisories/2006/2431
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050
https://exchange.xforce.ibmcloud.com/vulnerabilities/27224
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999