Vulnerability Details CVE-2006-4868
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.656
EPSS Ranking 98.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://blogs.securiteam.com/index.php/archives/624
- http://secunia.com/advisories/21989
- http://securitytracker.com/id?1016879
- http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
- http://support.microsoft.com/kb/925486
- http://www.kb.cert.org/vuls/id/416092
- http://www.microsoft.com/technet/security/advisory/925568.mspx
- http://www.osvdb.org/28946
- http://www.securityfocus.com/archive/1/446378/100/0/threaded
- http://www.securityfocus.com/archive/1/446505/100/0/threaded
- http://www.securityfocus.com/archive/1/446523/100/0/threaded
- http://www.securityfocus.com/archive/1/446528/100/0/threaded
- http://www.securityfocus.com/archive/1/446881/100/200/threaded
- http://www.securityfocus.com/archive/1/447070/100/0/threaded
- http://www.securityfocus.com/archive/1/448552/100/0/threaded
- http://www.securityfocus.com/archive/1/448552/100/0/threaded
- http://www.securityfocus.com/bid/20096
- http://www.us-cert.gov/cas/techalerts/TA06-262A.html
- http://www.vupen.com/english/advisories/2006/3679
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100
- http://blogs.securiteam.com/index.php/archives/624
- http://secunia.com/advisories/21989
- http://securitytracker.com/id?1016879
- http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
- http://support.microsoft.com/kb/925486
- http://www.kb.cert.org/vuls/id/416092
- http://www.microsoft.com/technet/security/advisory/925568.mspx
- http://www.osvdb.org/28946
- http://www.securityfocus.com/archive/1/446378/100/0/threaded
- http://www.securityfocus.com/archive/1/446505/100/0/threaded
- http://www.securityfocus.com/archive/1/446523/100/0/threaded
- http://www.securityfocus.com/archive/1/446528/100/0/threaded
- http://www.securityfocus.com/archive/1/446881/100/200/threaded
- http://www.securityfocus.com/archive/1/447070/100/0/threaded
- http://www.securityfocus.com/archive/1/448552/100/0/threaded
- http://www.securityfocus.com/archive/1/448552/100/0/threaded
- http://www.securityfocus.com/bid/20096
- http://www.us-cert.gov/cas/techalerts/TA06-262A.html
- http://www.vupen.com/english/advisories/2006/3679
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100
Products affected by CVE-2006-4868
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1
-
cpe:2.3:a:microsoft:internet_explorer:6.0
-
cpe:2.3:a:microsoft:outlook:2003
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_2003_server:-
-
cpe:2.3:o:microsoft:windows_xp:-
-
cpe:2.3:o:microsoft:windows_xp:sp2
-
cpe:2.3:o:microsoft:windows_xp:sp3
-
cpe:2.3:o:microsoft:windows_xp:unknown