Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3445

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3445
Last Modified 03 Oct 2011 12:00:00
Published 14 Nov 2006 04:07:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3445

Summary

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server 64-bit

  • Microsoft Windows 2003 Server Itanium

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Sp1

  • Microsoft Windows Xp


References

CERT - TA06-318A

CERT-VN - VU#810772

MS - MS06-068

XF - ms-agent-acf-bo(29945)

VUPEN - ADV-2006-4506

BID - 21034

BUGTRAQ - 20070130 COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched)

MISC - http://www.coseinc.com/alert.html

SECTRACK - 1017222

SECUNIA - 22878


Last Updated: 27 May 2016 10:43:00