Vulnerability Details CVE-2006-3351
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.255
EPSS Ranking 96.0%
CVSS Severity
CVSS v2 Score 5.4
References
- http://securityreason.com/securityalert/1186
- http://www.securityfocus.com/archive/1/439153/100/0/threaded
- http://www.securityfocus.com/archive/1/439660/100/200/threaded
- http://www.securityfocus.com/bid/18838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27567
- http://securityreason.com/securityalert/1186
- http://www.securityfocus.com/archive/1/439153/100/0/threaded
- http://www.securityfocus.com/archive/1/439660/100/200/threaded
- http://www.securityfocus.com/bid/18838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27567
Products affected by CVE-2006-3351
-
cpe:2.3:o:microsoft:windows_2003_server:3.1.0.3270
-
cpe:2.3:o:microsoft:windows_2003_server:64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition
-
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition
-
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:itanium
-
cpe:2.3:o:microsoft:windows_2003_server:r2
-
cpe:2.3:o:microsoft:windows_2003_server:sp1
-
cpe:2.3:o:microsoft:windows_2003_server:standard
-
cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit
-
cpe:2.3:o:microsoft:windows_2003_server:web
-
cpe:2.3:o:microsoft:windows_xp:*
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:ibm_oem_version