[Forgot Password]
Login  Register Subscribe

23631

 
 

122183

 
 

98060

 
 

909

 
 

79198

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-3445

Date: (C)2006-11-14   (M)2017-10-12 


Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
SECTRACK-1017222
http://www.securityfocus.com/archive/1/archive/1/458558/100/0/threaded
BID-21034
SECUNIA-22878
ADV-2006-4506
MS06-068
TA06-318A
VU#810772
http://www.coseinc.com/alert.html
ms-agent-acf-bo(29945)

CPE    1
cpe:/o:microsoft:windows_xp::sp2:tablet_pc
CWE    1
CWE-189
OVAL    1
oval:org.mitre.oval:def:154

© 2013 SecPod Technologies