9.3
CVE-2006-4868
- EPSS 63.98%
- Veröffentlicht 19.09.2006 19:07:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version6.0
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server
Microsoft ≫ Windows 2003 Server Editionitanium
Microsoft ≫ Windows 2003 Server Editionx64
Microsoft ≫ Windows 2003 Server Updategold
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows Xp
Microsoft ≫ Windows Xp Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows 2003 Server
Microsoft ≫ Windows 2003 Server Editionitanium
Microsoft ≫ Windows 2003 Server Editionx64
Microsoft ≫ Windows 2003 Server Updategold
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows Xp
Microsoft ≫ Windows Xp Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Outlook Version2003
Microsoft ≫ Windows 2000 Updatesp4
Microsoft ≫ Windows 2003 Server
Microsoft ≫ Windows 2003 Server Editionitanium
Microsoft ≫ Windows 2003 Server Editionx64
Microsoft ≫ Windows 2003 Server Updategold
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows Xp
Microsoft ≫ Windows Xp Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows 2003 Server
Microsoft ≫ Windows 2003 Server Editionitanium
Microsoft ≫ Windows 2003 Server Editionx64
Microsoft ≫ Windows 2003 Server Updategold
Microsoft ≫ Windows 2003 Server Updatesp1
Microsoft ≫ Windows Xp
Microsoft ≫ Windows Xp Updatesp1
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Internet Explorer Version5.0.1 Updatesp4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 63.98% | 0.984 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.