[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3445Date: (C)2006-11-14   (M)2023-12-22


Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1017222
http://www.securityfocus.com/archive/1/archive/1/458558/100/0/threaded
BID-21034
SECUNIA-22878
ADV-2006-4506
MS06-068
TA06-318A
VU#810772
http://www.coseinc.com/alert.html
ms-agent-acf-bo(29945)

CPE    1
cpe:/o:microsoft:windows_xp::sp2:tablet_pc
CWE    1
CWE-189
OVAL    1
oval:org.mitre.oval:def:154

© SecPod Technologies