cvelistv5 - CVE-2006-4868

CVE-2006-4868 (GCVE-0-2006-4868)

Vulnerability from cvelistv5 – Published: 2006-09-19 19:00 – Updated: 2024-08-07 19:32

Summary

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://blogs.securiteam.com/index.php/archives/624	x_refsource_MISC
	http://www.securityfocus.com/archive/1/446881/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/20096	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/446523/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/446505/100…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2006/3679	vdb-entryx_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/416092	third-party-advisoryx_refsource_CERT-VN
	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	http://support.microsoft.com/kb/925486	vendor-advisoryx_refsource_MSKB
	http://secunia.com/advisories/21989	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/448552/100…	vendor-advisoryx_refsource_HP
	http://www.securityfocus.com/archive/1/448552/100…	vendor-advisoryx_refsource_HP
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.us-cert.gov/cas/techalerts/TA06-262A.html	third-party-advisoryx_refsource_CERT
	http://www.securityfocus.com/archive/1/446528/100…	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/28946	vdb-entryx_refsource_OSVDB
	http://securitytracker.com/id?1016879	vdb-entryx_refsource_SECTRACK
	http://sunbeltblog.blogspot.com/2006/09/seen-in-w…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/447070/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/446378/100…	mailing-listx_refsource_BUGTRAQ
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:32:21.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.securiteam.com/index.php/archives/624"
          },
          {
            "name": "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
          },
          {
            "name": "20096",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20096"
          },
          {
            "name": "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
          },
          {
            "name": "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
          },
          {
            "name": "ADV-2006-3679",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3679"
          },
          {
            "name": "VU#416092",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/416092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
          },
          {
            "name": "925486",
            "tags": [
              "vendor-advisory",
              "x_refsource_MSKB",
              "x_transferred"
            ],
            "url": "http://support.microsoft.com/kb/925486"
          },
          {
            "name": "21989",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21989"
          },
          {
            "name": "SSRT061254",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
          },
          {
            "name": "HPSBST02160",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
          },
          {
            "name": "MS06-055",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
          },
          {
            "name": "TA06-262A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
          },
          {
            "name": "20060920 Internet Explorer VML Zero-Day Mitigation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
          },
          {
            "name": "28946",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28946"
          },
          {
            "name": "1016879",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016879"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
          },
          {
            "name": "20060926 Windows VML security update MS06-055 released",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
          },
          {
            "name": "20060919 Yet another 0day for IE",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:100",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
          },
          {
            "name": "ie-vml-bo(29004)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.securiteam.com/index.php/archives/624"
        },
        {
          "name": "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
        },
        {
          "name": "20096",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20096"
        },
        {
          "name": "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
        },
        {
          "name": "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
        },
        {
          "name": "ADV-2006-3679",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3679"
        },
        {
          "name": "VU#416092",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/416092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
        },
        {
          "name": "925486",
          "tags": [
            "vendor-advisory",
            "x_refsource_MSKB"
          ],
          "url": "http://support.microsoft.com/kb/925486"
        },
        {
          "name": "21989",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21989"
        },
        {
          "name": "SSRT061254",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
        },
        {
          "name": "HPSBST02160",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
        },
        {
          "name": "MS06-055",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
        },
        {
          "name": "TA06-262A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
        },
        {
          "name": "20060920 Internet Explorer VML Zero-Day Mitigation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
        },
        {
          "name": "28946",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28946"
        },
        {
          "name": "1016879",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016879"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
        },
        {
          "name": "20060926 Windows VML security update MS06-055 released",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
        },
        {
          "name": "20060919 Yet another 0day for IE",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
        },
        {
          "name": "oval:org.mitre.oval:def:100",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
        },
        {
          "name": "ie-vml-bo(29004)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4868",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.securiteam.com/index.php/archives/624",
              "refsource": "MISC",
              "url": "http://blogs.securiteam.com/index.php/archives/624"
            },
            {
              "name": "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
            },
            {
              "name": "20096",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20096"
            },
            {
              "name": "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
            },
            {
              "name": "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
            },
            {
              "name": "ADV-2006-3679",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3679"
            },
            {
              "name": "VU#416092",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/416092"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/925568.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
            },
            {
              "name": "925486",
              "refsource": "MSKB",
              "url": "http://support.microsoft.com/kb/925486"
            },
            {
              "name": "21989",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21989"
            },
            {
              "name": "SSRT061254",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
            },
            {
              "name": "HPSBST02160",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
            },
            {
              "name": "MS06-055",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
            },
            {
              "name": "TA06-262A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
            },
            {
              "name": "20060920 Internet Explorer VML Zero-Day Mitigation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
            },
            {
              "name": "28946",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28946"
            },
            {
              "name": "1016879",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016879"
            },
            {
              "name": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html",
              "refsource": "MISC",
              "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
            },
            {
              "name": "20060926 Windows VML security update MS06-055 released",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
            },
            {
              "name": "20060919 Yet another 0day for IE",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
            },
            {
              "name": "oval:org.mitre.oval:def:100",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
            },
            {
              "name": "ie-vml-bo(29004)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4868",
    "datePublished": "2006-09-19T19:00:00",
    "dateReserved": "2006-09-19T00:00:00",
    "dateUpdated": "2024-08-07T19:32:21.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"580632FB-7EB8-4DC6-A372-742D4523BF79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\", \"matchCriteriaId\": \"CD264C73-360E-414D-BE22-192F92E5A0A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F3C557A-71D8-47F9-9E12-CE938F301E66\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE8F4276-4D97-480D-A542-FE9982FFD765\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A74985B6-BCA5-49E3-878B-77D7FA43070C\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B339C33-8896-4896-88FF-88E74FDBC543\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A19F6133-25D1-44A5-B6B9-354703436783\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3189982-F780-4AC2-9663-E6D4DF9DD319\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EB39B99-91A0-4B70-B12A-BA37F6AFBA83\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante un fichero Vector Markup Language (VML) con un par\\u00e1metro \\\"fill\\\" largo dentro de una etiqueta \\\"rect\\\".\"}]",
      "id": "CVE-2006-4868",
      "lastModified": "2024-11-21T00:16:56.087",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-09-19T19:07:00.000",
      "references": "[{\"url\": \"http://blogs.securiteam.com/index.php/archives/624\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21989\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016879\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.microsoft.com/kb/925486\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/416092\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/925568.mspx\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/28946\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446378/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446505/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446523/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446528/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446881/100/200/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447070/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/448552/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/448552/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20096\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-262A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3679\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29004\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.securiteam.com/index.php/archives/624\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/21989\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016879\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.microsoft.com/kb/925486\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/416092\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/925568.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.osvdb.org/28946\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446378/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446505/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446523/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446528/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/446881/100/200/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/447070/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/448552/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/448552/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-262A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-4868\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-09-19T19:07:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero Vector Markup Language (VML) con un par\u00e1metro \\\"fill\\\" largo dentro de una etiqueta \\\"rect\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"580632FB-7EB8-4DC6-A372-742D4523BF79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*\",\"matchCriteriaId\":\"CD264C73-360E-414D-BE22-192F92E5A0A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F3C557A-71D8-47F9-9E12-CE938F301E66\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8F4276-4D97-480D-A542-FE9982FFD765\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E61F1C9B-44AF-4B35-A7B2-948EEF7639BD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A74985B6-BCA5-49E3-878B-77D7FA43070C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A19F6133-25D1-44A5-B6B9-354703436783\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3189982-F780-4AC2-9663-E6D4DF9DD319\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EB39B99-91A0-4B70-B12A-BA37F6AFBA83\"}]}]}],\"references\":[{\"url\":\"http://blogs.securiteam.com/index.php/archives/624\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21989\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016879\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.microsoft.com/kb/925486\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/416092\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/925568.mspx\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/28946\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/446378/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/446505/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/446523/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/446528/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/446881/100/200/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/447070/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/448552/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/448552/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20096\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-262A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29004\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.securiteam.com/index.php/archives/624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21989\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.microsoft.com/kb/925486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/416092\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/925568.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.osvdb.org/28946\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/446378/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/446505/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/446523/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/446528/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/446881/100/200/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/447070/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/448552/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/448552/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-262A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2006-AVI-410

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permettant d'exécuter du code arbitraire à distance a été découverte dans la bibliothèque Windows de gestion des images vectorielles (vgx.dll).

Description

Une vulnérabilité a été découverte dans la bibliothèque de gestion des documents au format VML (Vector Markup Language). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné afin d'exécuter du code arbitraire sur une machine distante vulnérable par l'intermédiaire d'un document VML spécialement construit.

Cette vulnérabilité a fait l'objet d'une alerte par le CERTA le 31 août 2006 (cf. CERTA-2006-ALE-011).

Des codes d'exploitation, utilisés dans certains cas dans des logiciels malveillants, circulent actuellement sur l'Internet.

Contournement provisoire

Se référer à l'alerte du CERTA référencé sous le numéro CERTA-2006-ALE-011

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et Microsoft Windows 2003 pour Itanium Service Pack 1;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 x64.
Microsoft	Windows	Microsoft Windows Server 2003 et Microsoft Windows 2003 pour Itanium;

References

Title

Publication Time

Tags

Bulletin de sécurité MS06-055 de Microsoft du 26 septembre 2006	None	vendor-advisory
Bulletin de sécurité Microsoft MS06-055 du 26 septembre 2006 :	-	other
Alerte du CERTA numéro CERTA-2006-ALE-011 :	-	other
Bulletin de sécurité Microsoft MS06-055 du 26 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et Microsoft Windows 2003 pour Itanium Service Pack 1;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 et Microsoft Windows 2003 pour Itanium;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la biblioth\u00e8que de gestion des\ndocuments au format VML (Vector Markup Language). Cette vuln\u00e9rabilit\u00e9\npeut \u00eatre exploit\u00e9e par un utilisateur mal intentionn\u00e9 afin d\u0027ex\u00e9cuter\ndu code arbitraire sur une machine distante vuln\u00e9rable par\nl\u0027interm\u00e9diaire d\u0027un document VML sp\u00e9cialement construit.\n\nCette vuln\u00e9rabilit\u00e9 a fait l\u0027objet d\u0027une alerte par le CERTA le 31 ao\u00fbt\n2006 (cf. CERTA-2006-ALE-011).\n\nDes codes d\u0027exploitation, utilis\u00e9s dans certains cas dans des logiciels\nmalveillants, circulent actuellement sur l\u0027Internet.\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer \u00e0 l\u0027alerte du CERTA r\u00e9f\u00e9renc\u00e9 sous le num\u00e9ro\nCERTA-2006-ALE-011\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4868"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-055 du 26 septembre    2006 :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS06-055.mspx"
    },
    {
      "title": "Alerte du CERTA num\u00e9ro CERTA-2006-ALE-011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ALE-011/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-055 du 26 septembre    2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-410",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-09-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance a\n\u00e9t\u00e9 d\u00e9couverte dans la biblioth\u00e8que Windows de gestion des images\nvectorielles (vgx.dll).\n",
  "title": "Vuln\u00e9rabilit\u00e9 du syst\u00e8me Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS06-055 de Microsoft du 26 septembre 2006",
      "url": null
    }
  ]
}

CERTA-2006-AVI-410

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité permettant d'exécuter du code arbitraire à distance a été découverte dans la bibliothèque Windows de gestion des images vectorielles (vgx.dll).

Description

Cette vulnérabilité a fait l'objet d'une alerte par le CERTA le 31 août 2006 (cf. CERTA-2006-ALE-011).

Des codes d'exploitation, utilisés dans certains cas dans des logiciels malveillants, circulent actuellement sur l'Internet.

Contournement provisoire

Se référer à l'alerte du CERTA référencé sous le numéro CERTA-2006-ALE-011

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professional x64 Edition ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1 et Microsoft Windows 2003 pour Itanium Service Pack 1;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 x64.
Microsoft	Windows	Microsoft Windows Server 2003 et Microsoft Windows 2003 pour Itanium;

References

Title

Publication Time

Tags

Bulletin de sécurité MS06-055 de Microsoft du 26 septembre 2006	None	vendor-advisory
Bulletin de sécurité Microsoft MS06-055 du 26 septembre 2006 :	-	other
Alerte du CERTA numéro CERTA-2006-ALE-011 :	-	other
Bulletin de sécurité Microsoft MS06-055 du 26 septembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Professional x64 Edition ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1 et Microsoft Windows 2003 pour Itanium Service Pack 1;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 x64.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 et Microsoft Windows 2003 pour Itanium;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la biblioth\u00e8que de gestion des\ndocuments au format VML (Vector Markup Language). Cette vuln\u00e9rabilit\u00e9\npeut \u00eatre exploit\u00e9e par un utilisateur mal intentionn\u00e9 afin d\u0027ex\u00e9cuter\ndu code arbitraire sur une machine distante vuln\u00e9rable par\nl\u0027interm\u00e9diaire d\u0027un document VML sp\u00e9cialement construit.\n\nCette vuln\u00e9rabilit\u00e9 a fait l\u0027objet d\u0027une alerte par le CERTA le 31 ao\u00fbt\n2006 (cf. CERTA-2006-ALE-011).\n\nDes codes d\u0027exploitation, utilis\u00e9s dans certains cas dans des logiciels\nmalveillants, circulent actuellement sur l\u0027Internet.\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer \u00e0 l\u0027alerte du CERTA r\u00e9f\u00e9renc\u00e9 sous le num\u00e9ro\nCERTA-2006-ALE-011\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4868"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-055 du 26 septembre    2006 :",
      "url": "http://www.microsoft.com/france/technet/security/bulletin/MS06-055.mspx"
    },
    {
      "title": "Alerte du CERTA num\u00e9ro CERTA-2006-ALE-011 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ALE-011/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-055 du 26 septembre    2006 :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-410",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-09-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 permettant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance a\n\u00e9t\u00e9 d\u00e9couverte dans la biblioth\u00e8que Windows de gestion des images\nvectorielles (vgx.dll).\n",
  "title": "Vuln\u00e9rabilit\u00e9 du syst\u00e8me Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS06-055 de Microsoft du 26 septembre 2006",
      "url": null
    }
  ]
}

FKIE_CVE-2006-4868

Vulnerability from fkie_nvd - Published: 2006-09-19 19:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.securiteam.com/index.php/archives/624
cve@mitre.org	http://secunia.com/advisories/21989	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016879
cve@mitre.org	http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
cve@mitre.org	http://support.microsoft.com/kb/925486
cve@mitre.org	http://www.kb.cert.org/vuls/id/416092	US Government Resource
cve@mitre.org	http://www.microsoft.com/technet/security/advisory/925568.mspx	Patch, Vendor Advisory
cve@mitre.org	http://www.osvdb.org/28946
cve@mitre.org	http://www.securityfocus.com/archive/1/446378/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446505/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446523/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446528/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/446881/100/200/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/447070/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/448552/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/20096	Exploit, Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-262A.html	Patch, US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3679	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29004
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100
af854a3a-2127-422b-91ae-364da2661108	http://blogs.securiteam.com/index.php/archives/624
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21989	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016879
af854a3a-2127-422b-91ae-364da2661108	http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
af854a3a-2127-422b-91ae-364da2661108	http://support.microsoft.com/kb/925486
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/416092	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/925568.mspx	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/28946
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446378/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446505/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446523/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446528/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446881/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447070/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/448552/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20096	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-262A.html	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3679	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29004
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_2003_server	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	internet_explorer	6.0
microsoft	outlook	2003
microsoft	windows_2000	*
microsoft	internet_explorer	5.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "580632FB-7EB8-4DC6-A372-742D4523BF79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "6F3C557A-71D8-47F9-9E12-CE938F301E66",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "FE8F4276-4D97-480D-A542-FE9982FFD765",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A74985B6-BCA5-49E3-878B-77D7FA43070C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3189982-F780-4AC2-9663-E6D4DF9DD319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en el motor Vector Graphics Rendering (vgx.dll), tal y como se usa en Microsoft Outlook e Internet Explorer 6.0 en Windows XP SP2 y posiblemente otras versiones permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero Vector Markup Language (VML) con un par\u00e1metro \"fill\" largo dentro de una etiqueta \"rect\"."
    }
  ],
  "id": "CVE-2006-4868",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-19T19:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.securiteam.com/index.php/archives/624"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21989"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016879"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.microsoft.com/kb/925486"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/416092"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20096"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3679"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.securiteam.com/index.php/archives/624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016879"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.microsoft.com/kb/925486"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/416092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/20096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-4868

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-4868

Aliases

CVE-2006-4868

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-4868",
    "description": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.",
    "id": "GSD-2006-4868",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-4868"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-4868"
      ],
      "details": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.",
      "id": "GSD-2006-4868",
      "modified": "2023-12-13T01:19:51.802118Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-4868",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://blogs.securiteam.com/index.php/archives/624",
            "refsource": "MISC",
            "url": "http://blogs.securiteam.com/index.php/archives/624"
          },
          {
            "name": "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
          },
          {
            "name": "20096",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20096"
          },
          {
            "name": "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
          },
          {
            "name": "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
          },
          {
            "name": "ADV-2006-3679",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3679"
          },
          {
            "name": "VU#416092",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/416092"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/925568.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
          },
          {
            "name": "925486",
            "refsource": "MSKB",
            "url": "http://support.microsoft.com/kb/925486"
          },
          {
            "name": "21989",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21989"
          },
          {
            "name": "SSRT061254",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
          },
          {
            "name": "HPSBST02160",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
          },
          {
            "name": "MS06-055",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
          },
          {
            "name": "TA06-262A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
          },
          {
            "name": "20060920 Internet Explorer VML Zero-Day Mitigation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
          },
          {
            "name": "28946",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/28946"
          },
          {
            "name": "1016879",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016879"
          },
          {
            "name": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html",
            "refsource": "MISC",
            "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
          },
          {
            "name": "20060926 Windows VML security update MS06-055 released",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
          },
          {
            "name": "20060919 Yet another 0day for IE",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
          },
          {
            "name": "oval:org.mitre.oval:def:100",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
          },
          {
            "name": "ie-vml-bo(29004)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:gold:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:outlook:2003:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4868"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
            },
            {
              "name": "VU#416092",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/416092"
            },
            {
              "name": "20096",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/20096"
            },
            {
              "name": "21989",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21989"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/925568.mspx",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
            },
            {
              "name": "1016879",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016879"
            },
            {
              "name": "http://blogs.securiteam.com/index.php/archives/624",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.securiteam.com/index.php/archives/624"
            },
            {
              "name": "28946",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/28946"
            },
            {
              "name": "TA06-262A",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
            },
            {
              "name": "925486",
              "refsource": "MSKB",
              "tags": [],
              "url": "http://support.microsoft.com/kb/925486"
            },
            {
              "name": "ADV-2006-3679",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3679"
            },
            {
              "name": "ie-vml-bo(29004)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
            },
            {
              "name": "oval:org.mitre.oval:def:100",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
            },
            {
              "name": "MS06-055",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
            },
            {
              "name": "SSRT061254",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
            },
            {
              "name": "20060926 Windows VML security update MS06-055 released",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
            },
            {
              "name": "20060924 Windows VML Vulnerability FAQ (CVE-2006-4868) written",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
            },
            {
              "name": "20060920 Internet Explorer VML Zero-Day Mitigation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
            },
            {
              "name": "20060920 RE: vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
            },
            {
              "name": "20060920 vml.c - Internet Explorer VML Buffer Overflow Download Exec Exploit",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
            },
            {
              "name": "20060919 Yet another 0day for IE",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2021-07-23T12:55Z",
      "publishedDate": "2006-09-19T19:07Z"
    }
  }
}

GHSA-57HX-F9JP-528M

Vulnerability from github – Published: 2022-05-01 07:22 – Updated: 2022-05-01 07:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-4868"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-19T19:07:00Z",
    "severity": "HIGH"
  },
  "details": "Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.",
  "id": "GHSA-57hx-f9jp-528m",
  "modified": "2022-05-01T07:22:34Z",
  "published": "2022-05-01T07:22:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4868"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29004"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100"
    },
    {
      "type": "WEB",
      "url": "http://blogs.securiteam.com/index.php/archives/624"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21989"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016879"
    },
    {
      "type": "WEB",
      "url": "http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/kb/925486"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/416092"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/925568.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/28946"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446378/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446505/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446523/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446528/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446881/100/200/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447070/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/448552/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20096"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-262A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3679"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-4868 (GCVE-0-2006-4868)

CERTA-2006-AVI-410

Description

Contournement provisoire

Solution

CERTA-2006-AVI-410

Description

Contournement provisoire

Solution

FKIE_CVE-2006-4868

GSD-2006-4868

GHSA-57HX-F9JP-528M

Tags

Sightings

Nomenclature