Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2376

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2376
Last Modified 17 Oct 2011 12:00:00
Published 13 Jun 2006 02:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2376

Summary

Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.

Vulnerable Systems

Operating System

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me


References

CERT - TA06-164A

CERT-VN - VU#909508

MS - MS06-026

SECUNIA - 20631

XF - win-gre-wmf-code-execution(26815)

VUPEN - ADV-2006-2324

BID - 18322

BUGTRAQ - 20060613 SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution

OSVDB - 26431

SECTRACK - 1016286

SREASON - 1094


Last Updated: 27 May 2016 10:42:26