CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6908 DoS Exec Code Overflow 2006-12-31 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
2 CVE-2006-6902 2006-12-31 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
3 CVE-2006-6901 2006-12-31 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
4 CVE-2006-6797 DoS 2006-12-28 2008-09-05
6.6
None Local Low Not required Complete None Complete
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
5 CVE-2006-6753 2006-12-26 2008-09-05
4.1
None Local Network Low Single system Partial None Partial
Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.
6 CVE-2006-6723 399 DoS 2006-12-26 2010-10-14
7.8
None Remote Low Not required None None Complete
The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
7 CVE-2006-6696 119 Overflow +Priv 2006-12-21 2009-09-24
6.9
Admin Local Medium Not required Complete Complete Complete
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
8 CVE-2006-6659 DoS 2006-12-19 2008-09-05
5.0
None Remote Low Not required None None Partial
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
9 CVE-2006-6617 +Info 2006-12-18 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
10 CVE-2006-6602 DoS 2006-12-15 2008-09-05
4.3
None Remote Medium Not required None None Partial
explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file.
11 CVE-2006-6601 399 DoS 2006-12-15 2011-03-09
4.3
None Remote Medium Not required None None Partial
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0.
12 CVE-2006-6579 2006-12-15 2008-09-05
4.4
User Local Medium Not required Partial Partial Partial
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
13 CVE-2006-6578 Exec Code 2006-12-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.
14 CVE-2006-6561 Exec Code Mem. Corr. 2006-12-14 2011-04-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
15 CVE-2006-6456 Exec Code Mem. Corr. 2006-12-11 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
16 CVE-2006-6311 DoS 2006-12-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.
17 CVE-2006-6310 DoS 2006-12-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
18 CVE-2006-6296 DoS 2006-12-05 2010-10-14
6.1
None Local Network Low Not required None None Complete
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
19 CVE-2006-6266 2006-12-04 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties.
20 CVE-2006-6265 2006-12-04 2008-09-05
5.8
None Local Network Low Not required Partial Partial Partial
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.
21 CVE-2006-6264 Bypass 2006-12-04 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering.
22 CVE-2006-6263 Bypass 2006-12-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets.
23 CVE-2006-6252 DoS 2006-12-04 2008-09-05
4.3
None Remote Medium Not required None None Partial
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
24 CVE-2006-6134 119 DoS Exec Code Overflow 2006-11-27 2011-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
25 CVE-2006-6133 119 Exec Code Overflow 2006-11-27 2011-08-04
7.6
Admin Remote High Not required Complete Complete Complete
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
26 CVE-2006-5994 Exec Code Mem. Corr. 2006-12-06 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
27 CVE-2006-5988 DoS 2006-11-20 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
28 CVE-2006-5913 2006-11-15 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
29 CVE-2006-5884 2006-11-14 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777.
30 CVE-2006-5805 2006-11-08 2008-09-05
5.0
None Remote Low Not required None Partial None
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
31 CVE-2006-5758 119 DoS Overflow +Priv Mem. Corr. 2006-11-06 2011-09-22
7.2
Admin Local Low Not required Complete Complete Complete
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
32 CVE-2006-5745 1 Exec Code Mem. Corr. 2006-11-06 2008-12-15
7.6
Admin Remote High Not required Complete Complete Complete
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
33 CVE-2006-5614 DoS 2006-10-30 2008-09-05
2.6
None Remote High Not required None None Partial
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
34 CVE-2006-5585 +Priv 2006-12-12 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
35 CVE-2006-5584 +Priv 2006-12-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
36 CVE-2006-5583 Exec Code Overflow Mem. Corr. 2006-12-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
37 CVE-2006-5581 Exec Code Mem. Corr. 2006-12-12 2011-04-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
38 CVE-2006-5579 119 Exec Code Overflow Mem. Corr. 2006-12-12 2011-10-03
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
39 CVE-2006-5578 +Info 2006-12-12 2008-09-05
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577.
40 CVE-2006-5577 +Info 2006-12-12 2008-09-05
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578.
41 CVE-2006-5574 Exec Code 2006-12-31 2011-04-27
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
42 CVE-2006-5559 20 DoS Exec Code 2006-10-27 2011-07-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
43 CVE-2006-5544 2006-10-26 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL.
44 CVE-2006-5448 DoS Exec Code Overflow Mem. Corr. 2006-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
45 CVE-2006-5395 Exec Code Overflow 2006-10-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
46 CVE-2006-5296 DoS Exec Code 2006-10-16 2008-09-05
4.3
None Remote Medium Not required None None Partial
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
47 CVE-2006-5266 119 Exec Code Overflow 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component.
48 CVE-2006-5265 20 DoS 2006-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message.
49 CVE-2006-5162 DoS Overflow 2006-10-05 2008-09-05
5.0
None Remote Low Not required None None Partial
wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.
50 CVE-2006-5152 XSS 2006-10-05 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
Total number of vulnerabilities : 267   Page : 1 (This Page)2 3 4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.