CVE-2006-4868

EPSS 62.1%

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

Produtos afetados

n/a · n/a

PoCs públicas encontradas — 3

exploitdbwww.exploit-db.com/exploits/2425não verificado exploitdbwww.exploit-db.com/exploits/16597não verificado exploitdbwww.exploit-db.com/exploits/2426não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://blogs.securiteam.com/index.php/archives/624 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055 http://secunia.com/advisories/21989 http://securitytracker.com/id?1016879 https://exchange.xforce.ibmcloud.com/vulnerabilities/29004 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100 http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html http://support.microsoft.com/kb/925486 http://www.kb.cert.org/vuls/id/416092 http://www.microsoft.com/technet/security/advisory/925568.mspx http://www.osvdb.org/28946 http://www.securityfocus.com/archive/1/446378/100/0/threaded