Lucene search

[email protected]CVE-2006-5448

HistoryOct 23, 2006 - 5:07 p.m.

CVE-2006-5448

2006-10-2317:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5448

microsoft

windows

drm

denial of service

remote attackers

arbitrary code

buffer overflow

nvd

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

92.9%

JSON

The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers “memory corruption” and possibly a buffer overflow.

CPENameOperatorVersion
microsoft:windows_digital_rights_managementmicrosoft windows digital rights managementeq*

CPE	Name	Operator	Version
microsoft:windows_digital_rights_management	microsoft windows digital rights management	eq	*

References

securityreason.com/securityalert/1756

www.securityfocus.com/archive/1/448097/100/200/threaded

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.052 Low

EPSS

Percentile

92.9%

JSON