Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2006-3086
Last Modified 07 Mar 2011 09:37:49
Published 19 Jun 2006 03:02:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3086

Summary

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

Vulnerable Systems

Application

  • Microsoft Hyperlink Object Library


References

CERT-VN - VU#394444

MISC - http://www.tippingpoint.com/security/advisories/TSRT-06-10.html

BUGTRAQ - 20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability

SECTRACK - 1016339

SECUNIA - 20748

XF - excel-hlink-bo(27224)

VUPEN - ADV-2006-2431

BID - 18500

BUGTRAQ - 20060623 Re: MS Excel Remote Code Execution POC Exploit

BUGTRAQ - 20060623 Re: Re: MS Excel Remote Code Execution POC Exploit

BUGTRAQ - 20060622 Re: MS Excel Remote Code Execution POC Exploit

BUGTRAQ - 20060622 RE: MS Excel Remote Code Execution POC Exploit

BUGTRAQ - 20060622 MS Excel Remote Code Execution POC Exploit

OSVDB - 26666

MS - MS06-050

MILW0RM - 1927

FULLDISC - 20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow

MISC - http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx


Last Updated: 27 May 2016 10:42:52