cvelistv5 - CVE-2006-3086

CVE-2006-3086 (GCVE-0-2006-3086)

Vulnerability from cvelistv5 – Published: 2006-06-19 19:00 – Updated: 2024-08-07 18:16

Summary

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/438057/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/438093/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/438373/100…	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/394444	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/438156/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/442724/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/2431	vdb-entryx_refsource_VUPEN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://blogs.technet.com/msrc/archive/2006/06/20/…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/438096/100…	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/26666	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.tippingpoint.com/security/advisories/T…	x_refsource_MISC
	http://marc.info/?l=full-disclosure&m=11506784042…	mailing-listx_refsource_FULLDISC
	http://secunia.com/advisories/20748	third-party-advisoryx_refsource_SECUNIA
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/18500	vdb-entryx_refsource_BID
	http://securitytracker.com/id?1016339	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:16:06.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060622 MS Excel Remote Code Execution POC Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
          },
          {
            "name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
          },
          {
            "name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
          },
          {
            "name": "VU#394444",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/394444"
          },
          {
            "name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
          },
          {
            "name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
          },
          {
            "name": "ADV-2006-2431",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2431"
          },
          {
            "name": "oval:org.mitre.oval:def:999",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
          },
          {
            "name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
          },
          {
            "name": "26666",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26666"
          },
          {
            "name": "excel-hlink-bo(27224)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
          },
          {
            "name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
          },
          {
            "name": "20748",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20748"
          },
          {
            "name": "MS06-050",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
          },
          {
            "name": "18500",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18500"
          },
          {
            "name": "1016339",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060622 MS Excel Remote Code Execution POC Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
        },
        {
          "name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
        },
        {
          "name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
        },
        {
          "name": "VU#394444",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/394444"
        },
        {
          "name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
        },
        {
          "name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
        },
        {
          "name": "ADV-2006-2431",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2431"
        },
        {
          "name": "oval:org.mitre.oval:def:999",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
        },
        {
          "name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
        },
        {
          "name": "26666",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26666"
        },
        {
          "name": "excel-hlink-bo(27224)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
        },
        {
          "name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
        },
        {
          "name": "20748",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20748"
        },
        {
          "name": "MS06-050",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
        },
        {
          "name": "18500",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18500"
        },
        {
          "name": "1016339",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060622 MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
            },
            {
              "name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
            },
            {
              "name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
            },
            {
              "name": "VU#394444",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/394444"
            },
            {
              "name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
            },
            {
              "name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
            },
            {
              "name": "ADV-2006-2431",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2431"
            },
            {
              "name": "oval:org.mitre.oval:def:999",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
            },
            {
              "name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
            },
            {
              "name": "26666",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26666"
            },
            {
              "name": "excel-hlink-bo(27224)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
            },
            {
              "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html",
              "refsource": "MISC",
              "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
            },
            {
              "name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
              "refsource": "FULLDISC",
              "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
            },
            {
              "name": "20748",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20748"
            },
            {
              "name": "MS06-050",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
            },
            {
              "name": "18500",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18500"
            },
            {
              "name": "1016339",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3086",
    "datePublished": "2006-06-19T19:00:00",
    "dateReserved": "2006-06-19T00:00:00",
    "dateUpdated": "2024-08-07T18:16:06.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC8470B2-118A-4A5E-94CA-636BFA8A75F6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \\\"Hyperlink COM Object Buffer Overflow Vulnerability.\\\" NOTE: this is a different issue than CVE-2006-3059.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de b\\u00fafer basado en pila en la funci\\u00f3n HrShellOpenWithMonikerDisplayName en la Biblioteca de objetos de Hiperv\\u00ednuclo de Microsoft (hlink.dll) permite a atacantes remotos causar una denegaci\\u00f3n de servicio (ca\\u00edda de la aplicaci\\u00f3n) y posiblemente ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un hiperv\\u00ednculo demasiado largo, tal y como se demuestra con una hoja de c\\u00e1lculo Excel con un enlace en Unicode demasiado largo. Se trata de un problema tambi\\u00e9n conocido como \\\"vulnerabilidad de desbordamiento de b\\u00fafer del objeto hiperv\\u00ednculo COM.\\\" NOTA: se trata de un problema diferente al del CVE-2006-3059.\"}]",
      "id": "CVE-2006-3086",
      "lastModified": "2024-11-21T00:12:47.420",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-06-19T19:02:00.000",
      "references": "[{\"url\": \"http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20748\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016339\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/394444\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/26666\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438057/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438093/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438096/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438156/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438373/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/442724/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/18500\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.tippingpoint.com/security/advisories/TSRT-06-10.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2431\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27224\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016339\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/394444\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/26666\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438057/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438093/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438096/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438156/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/438373/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/442724/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/18500\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.tippingpoint.com/security/advisories/TSRT-06-10.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2431\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27224\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3086\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-19T19:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \\\"Hyperlink COM Object Buffer Overflow Vulnerability.\\\" NOTE: this is a different issue than CVE-2006-3059.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n HrShellOpenWithMonikerDisplayName en la Biblioteca de objetos de Hiperv\u00ednuclo de Microsoft (hlink.dll) permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un hiperv\u00ednculo demasiado largo, tal y como se demuestra con una hoja de c\u00e1lculo Excel con un enlace en Unicode demasiado largo. Se trata de un problema tambi\u00e9n conocido como \\\"vulnerabilidad de desbordamiento de b\u00fafer del objeto hiperv\u00ednculo COM.\\\" NOTA: se trata de un problema diferente al del CVE-2006-3059.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8470B2-118A-4A5E-94CA-636BFA8A75F6\"}]}]}],\"references\":[{\"url\":\"http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20748\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016339\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/394444\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26666\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438057/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438093/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438096/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438156/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/438373/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/442724/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18500\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.tippingpoint.com/security/advisories/TSRT-06-10.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2431\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27224\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016339\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/394444\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/26666\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438057/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438093/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438096/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438156/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/438373/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/442724/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.tippingpoint.com/security/advisories/TSRT-06-10.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2431\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27224\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-348

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités présentes dans la bibliothèque de fonctions hlink.dll de Microsoft Windows permettent à un utilisateur distant mal intentionné d'éxecuter du code arbitraire.

Description

La bibliothèque de fonctions hlink.dll de Microsoft Windows permet la mise en œuvre de liens hypertexte dans différentes applications comme Outlook ou celles de la suite Office . Deux vulnérabilités présentes dans des fonctions de cette bibliothèque permettent à un utilisateur mal intentionné d'exécuter du code arbitraire par le biais d'un objet de type « lien hypertexte » construit de façon particulière. Cet objet peut être véhiculé via un message électronique ou bien via un document Office comme une feuille de calculs Excel par exemple.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2003 édition x64.
Microsoft	Windows	Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 et 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour Itanium Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour Itanium ;
Microsoft	Windows	Microsoft Windows XP édition x64 ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-050 du 08 août 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 \u00e9dition x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 et 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour Itanium Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP \u00e9dition x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLa biblioth\u00e8que de fonctions hlink.dll de Microsoft Windows permet la\nmise en \u0153uvre de liens hypertexte dans diff\u00e9rentes applications comme\nOutlook ou celles de la suite Office . Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes\ndans des fonctions de cette biblioth\u00e8que permettent \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un objet de\ntype \u00ab lien hypertexte \u00bb construit de fa\u00e7on particuli\u00e8re. Cet objet peut\n\u00eatre v\u00e9hicul\u00e9 via un message \u00e9lectronique ou bien via un document Office\ncomme une feuille de calculs Excel par exemple.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3438"
    },
    {
      "name": "CVE-2006-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3086"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-348",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans la biblioth\u00e8que de fonctions\nhlink.dll de Microsoft Windows permettent \u00e0 un utilisateur distant mal\nintentionn\u00e9 d\u0027\u00e9xecuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que \u003cTT\u003ehlink.dll\u003c/TT\u003e de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-050 du 08 ao\u00fbt 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-050.mspx"
    }
  ]
}

CERTA-2006-AVI-348

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités présentes dans la bibliothèque de fonctions hlink.dll de Microsoft Windows permettent à un utilisateur distant mal intentionné d'éxecuter du code arbitraire.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2003 édition x64.
Microsoft	Windows	Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 et 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour Itanium Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 pour Itanium ;
Microsoft	Windows	Microsoft Windows XP édition x64 ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-050 du 08 août 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 \u00e9dition x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 et 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour Itanium Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 pour Itanium ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP \u00e9dition x64 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLa biblioth\u00e8que de fonctions hlink.dll de Microsoft Windows permet la\nmise en \u0153uvre de liens hypertexte dans diff\u00e9rentes applications comme\nOutlook ou celles de la suite Office . Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes\ndans des fonctions de cette biblioth\u00e8que permettent \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire par le biais d\u0027un objet de\ntype \u00ab lien hypertexte \u00bb construit de fa\u00e7on particuli\u00e8re. Cet objet peut\n\u00eatre v\u00e9hicul\u00e9 via un message \u00e9lectronique ou bien via un document Office\ncomme une feuille de calculs Excel par exemple.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3438"
    },
    {
      "name": "CVE-2006-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3086"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-348",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans la biblioth\u00e8que de fonctions\nhlink.dll de Microsoft Windows permettent \u00e0 un utilisateur distant mal\nintentionn\u00e9 d\u0027\u00e9xecuter du code arbitraire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que \u003cTT\u003ehlink.dll\u003c/TT\u003e de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-050 du 08 ao\u00fbt 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-050.mspx"
    }
  ]
}

GHSA-43VM-VJ9C-QCH2

Vulnerability from github – Published: 2022-05-01 07:05 – Updated: 2022-05-01 07:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3086"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-19T19:02:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059.",
  "id": "GHSA-43vm-vj9c-qch2",
  "modified": "2022-05-01T07:05:32Z",
  "published": "2022-05-01T07:05:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3086"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20748"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016339"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/394444"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26666"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18500"
    },
    {
      "type": "WEB",
      "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2431"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2006-3086

Vulnerability from fkie_nvd - Published: 2006-06-19 19:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
cve@mitre.org	http://marc.info/?l=full-disclosure&m=115067840426070&w=2
cve@mitre.org	http://secunia.com/advisories/20748	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016339	Patch
cve@mitre.org	http://www.kb.cert.org/vuls/id/394444	US Government Resource
cve@mitre.org	http://www.osvdb.org/26666
cve@mitre.org	http://www.securityfocus.com/archive/1/438057/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/438093/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/438096/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/438156/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/438373/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/442724/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18500	Exploit
cve@mitre.org	http://www.tippingpoint.com/security/advisories/TSRT-06-10.html	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2431
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27224
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=full-disclosure&m=115067840426070&w=2
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20748	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016339	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/394444	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26666
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438057/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438093/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438096/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438156/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/438373/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/442724/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18500	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.tippingpoint.com/security/advisories/TSRT-06-10.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2431
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27224
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999

Impacted products

	Vendor	Product	Version
	microsoft	hyperlink_object_library	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC8470B2-118A-4A5E-94CA-636BFA8A75F6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer basado en pila en la funci\u00f3n HrShellOpenWithMonikerDisplayName en la Biblioteca de objetos de Hiperv\u00ednuclo de Microsoft (hlink.dll) permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un hiperv\u00ednculo demasiado largo, tal y como se demuestra con una hoja de c\u00e1lculo Excel con un enlace en Unicode demasiado largo. Se trata de un problema tambi\u00e9n conocido como \"vulnerabilidad de desbordamiento de b\u00fafer del objeto hiperv\u00ednculo COM.\" NOTA: se trata de un problema diferente al del CVE-2006-3059."
    }
  ],
  "id": "CVE-2006-3086",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-19T19:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20748"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016339"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/394444"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/26666"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18500"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1016339"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/394444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-3086

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3086

Aliases

CVE-2006-3086

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3086",
    "description": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059.",
    "id": "GSD-2006-3086"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3086"
      ],
      "details": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059.",
      "id": "GSD-2006-3086",
      "modified": "2023-12-13T01:19:56.919288Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3086",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20060622 MS Excel Remote Code Execution POC Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
          },
          {
            "name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
          },
          {
            "name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
          },
          {
            "name": "VU#394444",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/394444"
          },
          {
            "name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
          },
          {
            "name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
          },
          {
            "name": "ADV-2006-2431",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2431"
          },
          {
            "name": "oval:org.mitre.oval:def:999",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx",
            "refsource": "MISC",
            "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
          },
          {
            "name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
          },
          {
            "name": "26666",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26666"
          },
          {
            "name": "excel-hlink-bo(27224)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
          },
          {
            "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html",
            "refsource": "MISC",
            "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
          },
          {
            "name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
            "refsource": "FULLDISC",
            "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
          },
          {
            "name": "20748",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20748"
          },
          {
            "name": "MS06-050",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
          },
          {
            "name": "18500",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18500"
          },
          {
            "name": "1016339",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016339"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3086"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka \"Hyperlink COM Object Buffer Overflow Vulnerability.\" NOTE: this is a different issue than CVE-2006-3059."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "18500",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/18500"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx"
            },
            {
              "name": "20748",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20748"
            },
            {
              "name": "VU#394444",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/394444"
            },
            {
              "name": "1016339",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1016339"
            },
            {
              "name": "26666",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26666"
            },
            {
              "name": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.tippingpoint.com/security/advisories/TSRT-06-10.html"
            },
            {
              "name": "ADV-2006-2431",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2431"
            },
            {
              "name": "20060618 ***ULTRALAME*** Microsoft Excel Unicode Overflow",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://marc.info/?l=full-disclosure\u0026m=115067840426070\u0026w=2"
            },
            {
              "name": "excel-hlink-bo(27224)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27224"
            },
            {
              "name": "oval:org.mitre.oval:def:999",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A999"
            },
            {
              "name": "MS06-050",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050"
            },
            {
              "name": "20060808 TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/442724/100/0/threaded"
            },
            {
              "name": "20060623 Re: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438373/100/0/threaded"
            },
            {
              "name": "20060623 Re: Re: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438156/100/0/threaded"
            },
            {
              "name": "20060622 Re: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438096/100/0/threaded"
            },
            {
              "name": "20060622 RE: MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438093/100/0/threaded"
            },
            {
              "name": "20060622 MS Excel Remote Code Execution POC Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/438057/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:45Z",
      "publishedDate": "2006-06-19T19:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3086 (GCVE-0-2006-3086)

CERTA-2006-AVI-348

Description

Solution

CERTA-2006-AVI-348

Description

Solution

GHSA-43VM-VJ9C-QCH2

FKIE_CVE-2006-3086

GSD-2006-3086

Tags

Sightings

Nomenclature