Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3351

Overview

Vulnerability Score 5.4 5.4
CVE Id CVE-2006-3351
Last Modified 05 Sep 2008 05:06:52
Published 05 Jul 2006 09:05:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3351

Summary

Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server 3.1.0.3270

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Datacenter 64-bit

  • Microsoft Windows 2003 Server Datacenter Edition

  • Microsoft Windows 2003 Server Datacenter Edition 64-bit

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server Enterprise Edition

  • Microsoft Windows 2003 Server Enterprise Edition 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Standard 64-bit

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Xp

  • Microsoft Windows Xp Ibm Oem Version


References

BID - 18838

BUGTRAQ - 20060706 Re: Windows Explorer URL File format overflow

BUGTRAQ - 20060705 Windows Explorer URL File format overflow

XF - win-explorer-url-dos(27567)

SREASON - 1186


Last Updated: 27 May 2016 10:42:58