Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0020

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-0020
Last Modified 07 Mar 2011 09:29:10
Published 10 Jan 2006 04:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0020

Summary

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Xp


References

CERT-VN - VU#312956

CERT - TA06-045A

BID - 16516

MS - MS06-004

SECUNIA - 18729

VUPEN - ADV-2006-0469

OSVDB - 22976

CONFIRM - http://www.microsoft.com/technet/security/advisory/913333.mspx

SECUNIA - 18912

MLIST - [funsec] 20060110 Another WMF flaw without a Microsoft patch


Last Updated: 27 May 2016 10:41:29