Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-3445 | First vendor Publication | 2006-11-14 |
Vendor | Cve | Last vendor Modification | 2018-10-18 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3445 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:154 | |||
Oval ID: | oval:org.mitre.oval:def:154 | ||
Title: | Microsoft Agent Memory Corruption Vulnerability | ||
Description: | Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3445 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 5 | |
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30262 | Microsoft Windows Agent ACF File Handling Memory Corruption |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Agent buffer overflow attempt RuleID : 9433 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Agent buffer overflow attempt RuleID : 9432 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Agent v1.5 ActiveX function call access RuleID : 8856 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Agent v1.5 ActiveX clsid unicode access RuleID : 8855 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Agent v2.0 ActiveX function call access RuleID : 8854 - Revision : 14 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Agent v2.0 ActiveX clsid unicode access RuleID : 8853 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Agent v2.0 ActiveX clsid access RuleID : 8852 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Agent Custom Proxy Class ActiveX clsid unicode access RuleID : 8851 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Agent Custom Proxy Class ActiveX clsid access RuleID : 8850 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid unicode access RuleID : 8849 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Agent Notify Sink Custom Proxy Class ActiveX clsid access RuleID : 8848 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Agent Character Custom Proxy Class ActiveX clsid unicode access RuleID : 8847 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Agent Character Custom Proxy Class ActiveX clsid access RuleID : 8846 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Agent v1.5 ActiveX clsid access RuleID : 4172 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Agent v1.5 ActiveX function call unicode access RuleID : 10465 - Revision : 7 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-11-14 | Name : It is possible to execute arbitrary code on the remote host through the agent... File : smb_nt_ms06-068.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:04:16 |
|
2021-04-22 01:04:54 |
|
2020-05-23 00:18:03 |
|
2018-10-18 21:20:14 |
|
2018-10-13 00:22:34 |
|
2017-10-11 09:23:42 |
|
2017-07-20 09:23:44 |
|
2016-04-26 14:49:52 |
|
2014-02-17 10:36:22 |
|
2014-01-19 21:23:23 |
|
2013-05-11 11:02:26 |
|