Vulnerability Details : CVE-2006-0020
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Products affected by CVE-2006-0020
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0020
6.67%: Probability of exploitation activity in the next 30 days
~ 94%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0020
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2006-0020
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-0020
- http://www.vupen.com/english/advisories/2006/0469
- http://www.us-cert.gov/cas/techalerts/TA06-045A.html
  Third Party Advisory; US Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-004
- http://www.kb.cert.org/vuls/id/312956
  Patch; Third Party Advisory; US Government Resource
- http://www.microsoft.com/technet/security/advisory/913333.mspx
  Vendor Advisory
- http://www.securityfocus.com/bid/16516
  Patch
- http://linuxbox.org/pipermail/funsec/2006-January/002828.html
  Exploit; Vendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1638