CVE-2006-3445
🟡 Monitoruj
Przepełnienie bufora w Microsoft Agent umożliwia zdalne wykonanie kodu.
CVSS
7.5
EPSS
64.9%
Exploit
none
Vendor
microsoft
Opis źródłowy (NVD)
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
buffer-overflow
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 64.9% |
| Opublikowano (NVD) | 2006-11-14 21:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- http://secunia.com/advisories/22878 (secure@microsoft.com) [Vendor Advisory]
- http://securitytracker.com/id?1017222 (secure@microsoft.com)
- http://www.coseinc.com/alert.html (secure@microsoft.com)
- http://www.kb.cert.org/vuls/id/810772 (secure@microsoft.com) [US Government Resource]
- http://www.securityfocus.com/archive/1/458558/100/0/threaded (secure@microsoft.com)
- http://www.securityfocus.com/bid/21034 (secure@microsoft.com)
- http://www.us-cert.gov/cas/techalerts/TA06-318A.html (secure@microsoft.com) [US Government Resource]
- http://www.vupen.com/english/advisories/2006/4506 (secure@microsoft.com) [Vendor Advisory]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068 (secure@microsoft.com)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29945 (secure@microsoft.com)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A154 (secure@microsoft.com)