Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-0020 | First vendor Publication | 2006-01-10 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0020 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1638 | |||
Oval ID: | oval:org.mitre.oval:def:1638 | ||
Title: | Remote Code Execution Vulnerability in IE5.01 | ||
Description: | An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-0020 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 2 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
22976 | Microsoft IE Crafted WMF Header Size Arbitrary Code Execution A remote overflow exists in Microsoft Internet Explorer. The Microsoft Internet Explorer fails to check integer bounds resulting in a integer overflow. With a specially crafted request, an attacker can cause corrupted heap memory resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows Metafile invalid header size integer overflow attempt RuleID : 5713 - Revision : 14 - Type : OS-WINDOWS |
2016-03-14 | Microsoft Windows Metafile invalid header size integer overflow RuleID : 37087 - Revision : 2 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-02-14 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms06-004.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:03:35 |
|
2021-04-22 01:04:04 |
|
2020-05-23 00:17:17 |
|
2018-10-13 00:22:32 |
|
2017-10-11 09:23:36 |
|
2016-06-28 15:33:10 |
|
2016-04-26 14:10:46 |
|
2014-02-17 10:34:13 |
|
2014-01-19 21:23:03 |
|
2013-05-11 10:46:08 |
|