[Forgot Password]
Login  Register Subscribe

24003

 
 

131573

 
 

108530

 
 

909

 
 

85343

 
 

134

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2006-3445Date: (C)2006-11-14   (M)2018-02-19


Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.5
Exploit Score: Exploit Score: 10.0
Impact Score: Impact Score: 6.4
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: PARTIAL
Scope: Integrity: PARTIAL
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
SECTRACK-1017222
http://www.securityfocus.com/archive/1/archive/1/458558/100/0/threaded
BID-21034
SECUNIA-22878
ADV-2006-4506
MS06-068
TA06-318A
VU#810772
http://www.coseinc.com/alert.html
ms-agent-acf-bo(29945)

CPE    1
cpe:/o:microsoft:windows_xp::sp2:tablet_pc
CWE    1
CWE-189
OVAL    1
oval:org.mitre.oval:def:154

© SecPod Technologies