Search...

CVE-2006-4138

2006-08-14T23:04:00

ID CVE-2006-4138
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:33:00

Description

Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-4138", "bulletinFamily": "NVD", "title": "CVE-2006-4138", "description": "Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.", "published": "2006-08-14T23:04:00", "modified": "2018-10-17T21:33:00", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4138", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/443034/100/0/threaded", "http://www.securityfocus.com/archive/1/443039/100/0/threaded", "http://securityreason.com/securityalert/1382", "http://www.securityfocus.com/bid/19490"], "cvelist": ["CVE-2006-4138"], "type": "cve", "lastseen": "2019-05-29T18:08:33", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "de92124f26a5524e76b43afd71f6a704"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "621d5c45c4f5374da06f22442d84422a"}, {"key": "cpe23", "hash": "48f253f9fb1afd4a44d6630031ddc125"}, {"key": "cvelist", "hash": "d0d9e115cb0e94cf3c08fdfdf796ef45"}, {"key": "cvss", "hash": "ed80408f65b06df34ed6dfdb743af507"}, {"key": "cvss2", "hash": "fd557851df8b7ad46d8c68828c5643da"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "8e811c9f97d082d9a7f2a429ff6e593b"}, {"key": "href", "hash": "e8f10fabf4bfd3860977c6675379a2b4"}, {"key": "modified", "hash": "16de476c57d12574fb29b193594cc81a"}, {"key": "published", "hash": "e37ba47317962b8c9885192461d2ce91"}, {"key": "references", "hash": "77a5d499e53e59d58c1c23d3cebb2941"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "3555915f1725e65201eedcaa47b64741"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "107b50f1588a337bf700b3da15ce429a0a8a96cea5fbc04e35546ab77d9e8d32", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:29231"]}, {"type": "exploitdb", "idList": ["EDB-ID:28381"]}], "modified": "2019-05-29T18:08:33"}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:08:33"}, "vulnersScore": 6.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:microsoft:help_file_viewer:*"], "affectedSoftware": [{"name": "microsoft help_file_viewer", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:microsoft:help_file_viewer:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-03T08:02:11", "bulletinFamily": "exploit", "description": "Microsoft Windows XP/2000/2003 Help Multiple Remote Vulnerabilities. CVE-2006-4138. Dos exploit for windows platform", "modified": "2006-08-12T00:00:00", "published": "2006-08-12T00:00:00", "id": "EDB-ID:28381", "href": "https://www.exploit-db.com/exploits/28381/", "type": "exploitdb", "title": "Microsoft windows xp/2000/2003 help Multiple Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/19490/info\r\n\r\nThe Microsoft Windows Help File viewer (winhlp32.exe) is prone to multiple remote vulnerabilities.\r\n\r\nThese vulnerabilities present themselves when the application handles specially crafted Windows Help (.hlp) files.\r\n\r\nA successful attack may let the attacker crash the application or execute arbitrary code in the context of a vulnerable user who opens a malicious file.\r\n\r\nSpecific information regarding affected versions of Microsoft Windows is currently unavailable.\r\n\r\nUpdate: Since help files can inherently execute arbitrary malicious code, this BID is being retired.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28381.zip", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/28381/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0247.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0252.html\n[CVE-2006-4138](https://vulners.com/cve/CVE-2006-4138)\nBugtraq ID: 19490\n", "modified": "2006-08-12T02:57:01", "published": "2006-08-12T02:57:01", "href": "https://vulners.com/osvdb/OSVDB:29231", "id": "OSVDB:29231", "title": "Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}