CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft : Security Vulnerabilities Published In 2006 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6908 DoS Exec Code Overflow 2006-12-31 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
2 CVE-2006-6696 119 Overflow +Priv 2006-12-21 2009-09-24
6.9
Admin Local Medium Not required Complete Complete Complete
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
3 CVE-2006-6134 119 DoS Exec Code Overflow 2006-11-27 2011-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
4 CVE-2006-6133 119 Exec Code Overflow 2006-11-27 2011-08-04
7.6
Admin Remote High Not required Complete Complete Complete
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
5 CVE-2006-5758 119 DoS Overflow +Priv Mem. Corr. 2006-11-06 2011-09-22
7.2
Admin Local Low Not required Complete Complete Complete
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
6 CVE-2006-5583 Exec Code Overflow Mem. Corr. 2006-12-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
7 CVE-2006-5579 119 Exec Code Overflow Mem. Corr. 2006-12-12 2011-10-03
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
8 CVE-2006-5448 DoS Exec Code Overflow Mem. Corr. 2006-10-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
9 CVE-2006-5395 Exec Code Overflow 2006-10-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
10 CVE-2006-5266 119 Exec Code Overflow 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component.
11 CVE-2006-5162 DoS Overflow 2006-10-05 2008-09-05
5.0
None Remote Low Not required None None Partial
wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.
12 CVE-2006-4868 Exec Code Overflow 2006-09-19 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
13 CVE-2006-4777 Exec Code Overflow 2006-09-13 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
14 CVE-2006-4732 Overflow 2006-09-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
15 CVE-2006-4702 Exec Code Overflow 2006-12-12 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
16 CVE-2006-4691 Exec Code Overflow 2006-11-14 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
17 CVE-2006-4688 Exec Code Overflow Mem. Corr. 2006-11-14 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
18 CVE-2006-4687 119 Exec Code Overflow Mem. Corr. 2006-11-14 2011-10-03
5.1
None Remote High Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
19 CVE-2006-4686 Exec Code Overflow 2006-10-10 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
20 CVE-2006-4446 DoS Exec Code Overflow 2006-08-29 2008-09-05
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
21 CVE-2006-3944 DoS Overflow 2006-07-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
22 CVE-2006-3943 DoS Overflow 2006-07-31 2008-09-05
2.6
None Remote High Not required None None Partial
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
23 CVE-2006-3897 DoS Overflow 2006-07-27 2008-09-05
5.0
None Remote Low Not required None None Partial
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
24 CVE-2006-3873 DoS Exec Code Overflow 2006-09-12 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
25 CVE-2006-3869 DoS Exec Code Overflow 2006-08-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
26 CVE-2006-3864 94 Exec Code Overflow Mem. Corr. 2006-10-10 2011-04-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
27 CVE-2006-3730 94 DoS Exec Code Overflow 2006-07-21 2011-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
28 CVE-2006-3729 DoS Overflow 2006-07-21 2008-09-05
2.6
None Remote High Not required None None Partial
DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference.
29 CVE-2006-3657 DoS Overflow 2006-07-18 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (stack overflow exception) via a DXImageTransform.Microsoft.Gradient ActiveX object with a long (1) StartColorStr or (2) EndColorStr property.
30 CVE-2006-3654 DoS Overflow 2006-07-18 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
31 CVE-2006-3649 Exec Code Overflow 2006-08-08 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
32 CVE-2006-3647 189 Exec Code Overflow 2006-10-10 2011-04-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
33 CVE-2006-3493 DoS Exec Code Overflow 2006-07-10 2009-04-03
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
34 CVE-2006-3449 Exec Code Overflow 2006-08-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
35 CVE-2006-3445 189 Exec Code Overflow 2006-11-14 2011-10-03
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
36 CVE-2006-3444 Overflow 2006-08-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
37 CVE-2006-3441 Exec Code Overflow 2006-08-08 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
38 CVE-2006-3440 Exec Code Overflow 2006-08-08 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
39 CVE-2006-3439 Exec Code Overflow 2006-08-08 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
40 CVE-2006-3438 Exec Code Overflow 2006-08-08 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
41 CVE-2006-3431 Exec Code Overflow 2006-07-07 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
42 CVE-2006-3357 DoS Exec Code Overflow 2006-07-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.
43 CVE-2006-3351 DoS Exec Code Overflow 2006-07-05 2008-09-05
5.4
None Remote High Not required None None Complete
Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.
44 CVE-2006-3250 Exec Code Overflow 2006-06-27 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-assisted attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user.
45 CVE-2006-3086 119 DoS Exec Code Overflow 2006-06-19 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
46 CVE-2006-2766 DoS Overflow 2006-06-02 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
47 CVE-2006-2492 Exec Code Overflow 2006-05-19 2008-09-05
7.6
Admin Remote High Not required Complete Complete Complete
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
48 CVE-2006-2382 119 Exec Code Overflow Mem. Corr. 2006-06-13 2011-04-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability."
49 CVE-2006-2379 Exec Code Overflow 2006-06-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
50 CVE-2006-2378 Exec Code Overflow 2006-06-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
Total number of vulnerabilities : 81   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.