CVE-2006-0020

critical

Description

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1638

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-004

http://www.vupen.com/english/advisories/2006/0469

http://www.us-cert.gov/cas/techalerts/TA06-045A.html

http://www.securityfocus.com/bid/16516

http://www.osvdb.org/22976

http://www.microsoft.com/technet/security/advisory/913333.mspx

http://www.kb.cert.org/vuls/id/312956

http://secunia.com/advisories/18912

http://secunia.com/advisories/18729

Details

Source: Mitre, NVD

Published: 2006-01-10

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical