Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2297

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-2297
Last Modified 18 Oct 2011 12:00:00
Published 09 May 2006 10:22:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2297

Summary

Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.

Vulnerable Systems

Application

  • Microsoft Infotech Storage System Library


References

XF - ms-itssdll-chm-bo(26340)

VUPEN - ADV-2006-1761

BID - 17926

BUGTRAQ - 20060512 Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption

BUGTRAQ - 20060510 Re: [Reversemode] Microsoft Infotech Storage library Heap Corruption

BUGTRAQ - 20060509 [Reversemode] Microsoft Infotech Storage library Heap Corruption

MISC - http://www.reversemode.com/advisories/advisory-itss.pdf

OSVDB - 25501

SREASON - 886

SECUNIA - 20061


Last Updated: 27 May 2016 10:42:24