Podatność CVE-2006-0010


Publikacja: 2006-01-10   Modyfikacja: 2012-02-12

Opis:
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

Typ:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9.3/10
10/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
Microsoft -> Windows 2000 
Microsoft -> Windows 2003 server 
Microsoft -> Windows 98 
Microsoft -> Windows 98se 
Microsoft -> Windows me 
Microsoft -> Windows nt 
Microsoft -> Windows xp 

 Referencje:
http://seclists.org/fulldisclosure/2006/Jan/363
http://securitytracker.com/id?1015459
http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html
http://www.kb.cert.org/vuls/id/915930
http://www.securityfocus.com/archive/1/421885/100/0/threaded
http://www.securityfocus.com/bid/16194
http://www.us-cert.gov/cas/techalerts/TA06-010A.html
http://www.vupen.com/english/advisories/2006/0118
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002
https://exchange.xforce.ibmcloud.com/vulnerabilities/23922
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714

Copyright 2022, cxsecurity.com

 

Back to Top