Lucene search

[email protected]CVE-2006-0564

HistoryFeb 06, 2006 - 11:02 p.m.

CVE-2006-0564

2006-02-0623:02:00

[email protected]

web.nvd.nist.gov

cve-2006-0564

microsoft

html help workshop

buffer overflow

arbitrary code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.635 Medium

EPSS

Percentile

97.9%

JSON

Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.

Affected configurations

NVD

Node

microsofthtml_helpMatch1.4sdk

microsofthtml_help_workshopMatch4.74.8702.0

CPENameOperatorVersion
microsoft:html_helpmicrosoft html helpeq1.4
microsoft:html_help_workshopmicrosoft html help workshopeq4.74.8702.0

CPE	Name	Operator	Version
microsoft:html_help	microsoft html help	eq	1.4
microsoft:html_help_workshop	microsoft html help workshop	eq	4.74.8702.0

References

secunia.com/advisories/18740

securitytracker.com/id?1015585

users.pandora.be/bratax/advisories/b008.html

www.kb.cert.org/vuls/id/124460

www.osvdb.org/22941

www.vupen.com/english/advisories/2006/0446

exchange.xforce.ibmcloud.com/vulnerabilities/24481

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.635 Medium

EPSS

Percentile

97.9%

JSON

Related for CVE-2006-0564

cert1 nvd2 packetstorm1 cvelist2 prion2 cve1