CVE-2006-3445 : Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Age

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

Published 2006-11-14 21:07:00

Updated 2025-04-09 00:30:58

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2006-3445

Microsoft » Windows 2000 » Update SP4 Language FR
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
Matching versions
Microsoft » Windows Xp » 64-bit Edition
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Tablet Pc Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: 64-bit
cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP1
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: SP1 Itanium Edition
cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Itanium
cpe:2.3:o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-3445

EPSS FAQ

61.80%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-3445

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2006-3445

CWE-189

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-3445

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068

Microsoft Security Bulletin MS06-068 - Critical | Microsoft Learn
http://www.vupen.com/english/advisories/2006/4506

Site en construction
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA06-318A.html

US Government Resource

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A154

404 Not Found
http://www.securityfocus.com/archive/1/458558/100/0/threaded
http://securitytracker.com/id?1017222
http://secunia.com/advisories/22878

Vendor Advisory
http://www.securityfocus.com/bid/21034
http://www.coseinc.com/alert.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/29945
http://www.kb.cert.org/vuls/id/810772

US Government Resource

Jump to

Vulnerability Details : CVE-2006-3445

Products affected by CVE-2006-3445

Exploit prediction scoring system (EPSS) score for CVE-2006-3445

CVSS scores for CVE-2006-3445

CWE ids for CVE-2006-3445

References for CVE-2006-3445