Search criteria
6 vulnerabilities found for hyperlink_object_library by microsoft
FKIE_CVE-2006-3438
Vulnerability from fkie_nvd - Published: 2006-08-09 00:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | hyperlink_object_library | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8470B2-118A-4A5E-94CA-636BFA8A75F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Microsoft Hyperlink Object Library (hlink.dll), posiblemente un desbordamiento de b\u00fafer, permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante hiperenlaces manipulados que no son manejados adecuadamente cuando hlink.dll \"utiliza un archivo que contiene una funci\u00f3n mal formada\" tambi\u00e9n conocida como \"Vulnerabilidad de Funci\u00f3n de Objeto Hiperenlace\"."
}
],
"id": "CVE-2006-3438",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-08-09T00:04:00.000",
"references": [
{
"source": "secure@microsoft.com",
"url": "http://securitytracker.com/id?1016659"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"source": "secure@microsoft.com",
"url": "http://www.securityfocus.com/bid/19405"
},
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "secure@microsoft.com",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"source": "secure@microsoft.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016659"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3086
Vulnerability from fkie_nvd - Published: 2006-06-19 19:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | hyperlink_object_library | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8470B2-118A-4A5E-94CA-636BFA8A75F6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
},
{
"lang": "es",
"value": "Un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n HrShellOpenWithMonikerDisplayName en la Biblioteca de objetos de Hiperv\u00ednuclo de Microsoft (hlink.dll) permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un hiperv\u00ednculo demasiado largo, tal y como se demuestra con una hoja de c\u00e1lculo Excel con un enlace en Unicode demasiado largo. Se trata de un problema tambi\u00e9n conocido como \"vulnerabilidad de desbordamiento de b\u00fafer del objeto hiperv\u00ednculo COM.\" NOTA: se trata de un problema diferente al del CVE-2006-3059."
}
],
"id": "CVE-2006-3086",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-06-19T19:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20748"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016339"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/26666"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18500"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1016339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/26666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/18500"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2006-3438 (GCVE-0-2006-3438)
Vulnerability from cvelistv5 – Published: 2006-08-09 00:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016659",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1016659",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016659",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3438",
"datePublished": "2006-08-09T00:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3086 (GCVE-0-2006-3086)
Vulnerability from cvelistv5 – Published: 2006-06-19 19:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:06.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060622 MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"name": "VU#394444",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"name": "ADV-2006-2431",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"name": "oval:org.mitre.oval:def:999",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"name": "26666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26666"
},
{
"name": "excel-hlink-bo(27224)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"name": "20748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20748"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name": "18500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18500"
},
{
"name": "1016339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060622 MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"name": "VU#394444",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"name": "ADV-2006-2431",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"name": "oval:org.mitre.oval:def:999",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"name": "26666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26666"
},
{
"name": "excel-hlink-bo(27224)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"name": "20748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20748"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name": "18500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18500"
},
{
"name": "1016339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016339"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060622 MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"name": "VU#394444",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"name": "ADV-2006-2431",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"name": "oval:org.mitre.oval:def:999",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"name": "26666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26666"
},
{
"name": "excel-hlink-bo(27224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"name": "20748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20748"
},
{
"name": "MS06-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name": "18500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18500"
},
{
"name": "1016339",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016339"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3086",
"datePublished": "2006-06-19T19:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:06.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3438 (GCVE-0-2006-3438)
Vulnerability from nvd – Published: 2006-08-09 00:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016659",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "1016659",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll \"uses a file containing a malformed function,\" aka \"Hyperlink Object Function Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016659",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016659"
},
{
"name": "19405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19405"
},
{
"name": "oval:org.mitre.oval:def:115",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115"
},
{
"name": "VU#683612",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/683612"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "MS06-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3438",
"datePublished": "2006-08-09T00:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3086 (GCVE-0-2006-3086)
Vulnerability from nvd – Published: 2006-06-19 19:00 – Updated: 2024-08-07 18:16
VLAI?
Summary
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:06.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060622 MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"name": "VU#394444",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"name": "ADV-2006-2431",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"name": "oval:org.mitre.oval:def:999",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"name": "26666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26666"
},
{
"name": "excel-hlink-bo(27224)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"name": "20748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20748"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name": "18500",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18500"
},
{
"name": "1016339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060622 MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"name": "VU#394444",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"name": "ADV-2006-2431",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"name": "oval:org.mitre.oval:def:999",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"name": "26666",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26666"
},
{
"name": "excel-hlink-bo(27224)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"name": "20748",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20748"
},
{
"name": "MS06-050",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name": "18500",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18500"
},
{
"name": "1016339",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016339"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060622 MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
},
{
"name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
},
{
"name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
},
{
"name": "VU#394444",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/394444"
},
{
"name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
},
{
"name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
},
{
"name": "ADV-2006-2431",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2431"
},
{
"name": "oval:org.mitre.oval:def:999",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
},
{
"name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
},
{
"name": "26666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26666"
},
{
"name": "excel-hlink-bo(27224)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
},
{
"name": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html",
"refsource": "MISC",
"url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
},
{
"name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
},
{
"name": "20748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20748"
},
{
"name": "MS06-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
},
{
"name": "18500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18500"
},
{
"name": "1016339",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016339"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3086",
"datePublished": "2006-06-19T19:00:00",
"dateReserved": "2006-06-19T00:00:00",
"dateUpdated": "2024-08-07T18:16:06.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}