CVE-2006-3086
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.3%
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka “Hyperlink COM Object Buffer Overflow Vulnerability.” NOTE: this is a different issue than CVE-2006-3059.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | hyperlink_object_library | * | cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:* |
References
blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
marc.info/?l=full-disclosure&m=115067840426070&w=2
secunia.com/advisories/20748
securitytracker.com/id?1016339
www.kb.cert.org/vuls/id/394444
www.osvdb.org/26666
www.securityfocus.com/archive/1/438057/100/0/threaded
www.securityfocus.com/archive/1/438093/100/0/threaded
www.securityfocus.com/archive/1/438096/100/0/threaded
www.securityfocus.com/archive/1/438156/100/0/threaded
www.securityfocus.com/archive/1/438373/100/0/threaded
www.securityfocus.com/archive/1/442724/100/0/threaded
www.securityfocus.com/bid/18500
www.tippingpoint.com/security/advisories/TSRT-06-10.html
www.vupen.com/english/advisories/2006/2431
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050
exchange.xforce.ibmcloud.com/vulnerabilities/27224
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.3%