Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
4.75%
Published
2006-12-31
Updated
2023-12-15
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
Source: MITRE
Max CVSS
6.9
EPSS Score
57.73%
Published
2006-12-22
Updated
2019-04-30
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
Source: MITRE
Max CVSS
7.5
EPSS Score
96.95%
Published
2006-11-28
Updated
2018-10-17
Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
Source: MITRE
Max CVSS
7.6
EPSS Score
95.48%
Published
2006-11-28
Updated
2018-10-17
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
Source: MITRE
Max CVSS
7.2
EPSS Score
0.05%
Published
2006-11-06
Updated
2018-10-17
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
10.0
EPSS Score
88.74%
Published
2006-12-12
Updated
2018-10-17
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
9.3
EPSS Score
80.89%
Published
2006-12-12
Updated
2021-07-23
The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
Source: MITRE
Max CVSS
7.5
EPSS Score
4.48%
Published
2006-10-23
Updated
2018-10-17
Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.67%
Published
2006-10-18
Updated
2017-07-20
Multiple buffer overflows in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allow remote attackers to execute arbitrary code via (1) a crafted Distributed Process Manager (DPM) message to the (a) DPM component, or a (2) long string or (3) long IP address in a Distributed Process Server (DPS) message to the DPM or (b) DPS component.
Source: MITRE
Max CVSS
7.5
EPSS Score
22.14%
Published
2006-12-31
Updated
2017-07-20

CVE-2006-4868

Public exploit
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Source: MITRE
Max CVSS
9.3
EPSS Score
17.98%
Published
2006-09-19
Updated
2021-07-23

CVE-2006-4777

Public exploit
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
Source: MITRE
Max CVSS
7.6
EPSS Score
97.26%
Published
2006-09-14
Updated
2018-10-17
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
Source: Microsoft Corporation
Max CVSS
6.8
EPSS Score
65.12%
Published
2006-12-13
Updated
2018-10-17

CVE-2006-4691

Public exploit
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
Source: Microsoft Corporation
Max CVSS
10.0
EPSS Score
96.35%
Published
2006-11-14
Updated
2018-10-17

CVE-2006-4688

Public exploit
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
7.5
EPSS Score
96.75%
Published
2006-11-14
Updated
2018-10-17
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
Source: Microsoft Corporation
Max CVSS
5.1
EPSS Score
57.40%
Published
2006-11-14
Updated
2021-07-23
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
Source: Microsoft Corporation
Max CVSS
7.5
EPSS Score
39.99%
Published
2006-10-10
Updated
2018-10-17
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
Source: MITRE
Max CVSS
5.0
EPSS Score
96.48%
Published
2006-08-30
Updated
2018-10-17
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
Source: MITRE
Max CVSS
5.0
EPSS Score
59.95%
Published
2006-07-31
Updated
2017-07-20
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
Source: MITRE
Max CVSS
2.6
EPSS Score
34.04%
Published
2006-07-31
Updated
2017-07-20
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
Source: Microsoft Corporation
Max CVSS
7.5
EPSS Score
14.99%
Published
2006-09-12
Updated
2018-10-17
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
Source: Microsoft Corporation
Max CVSS
7.5
EPSS Score
95.41%
Published
2006-08-23
Updated
2018-10-17

CVE-2006-3730

Public exploit
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
Source: MITRE
Max CVSS
9.3
EPSS Score
97.22%
Published
2006-07-21
Updated
2021-07-23
DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office installed allows remote attackers to cause a denial of service (crash) via a large negative integer argument to the getDataMemberName method of a OWC11.DataSourceControl.11 object, which leads to an integer overflow and a null dereference.
Source: MITRE
Max CVSS
2.6
EPSS Score
4.68%
Published
2006-07-21
Updated
2021-12-13
Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.
Source: MITRE
Max CVSS
2.6
EPSS Score
94.06%
Published
2006-07-18
Updated
2018-10-18
77 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!