Lucene search

PRIOn knowledge basePRION:CVE-2006-0010

HistoryJan 10, 2006 - 10:03 p.m.

Heap overflow

2006-01-1022:03:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.623 Medium

EPSS

Percentile

97.7%

JSON

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

CPENameOperatorVersion
windows_2003_servereqenterprise64bit
windows_2003_servereqstandard64bit
windows_2003_servereqdatacenter64bit sp1
windows_2003_servereqr2 sp1
windows_2003_servereqenterprise64bit sp1
windows_2003_servereq2.0.114
windows_2003_servereqweb sp1
windows_2003_servereqstandard sp1
windows_2003_servereqenterprise sp1
windows_2003_servereq2.0.114

Name	Operator	Version
windows_2003_server	eq	enterprise64bit
windows_2003_server	eq	standard64bit
windows_2003_server	eq	datacenter64bit sp1
windows_2003_server	eq	r2 sp1
windows_2003_server	eq	enterprise64bit sp1
windows_2003_server	eq	2.0.114
windows_2003_server	eq	web sp1
windows_2003_server	eq	standard sp1
windows_2003_server	eq	enterprise sp1
windows_2003_server	eq	2.0.114

Rows per page:

1-10 of 661

References

seclists.org/fulldisclosure/2006/Jan/363

secunia.com/advisories/18311

secunia.com/advisories/18365

secunia.com/advisories/18391

securitytracker.com/id?1015459

support.avaya.com/elmodocs2/security/ASA-2006-004.htm

www.eeye.com/html/Research/Advisories/EEYEB20050801.html

www.kb.cert.org/vuls/id/915930

www.osvdb.org/18829

www.securityfocus.com/archive/1/421885/100/0/threaded

www.securityfocus.com/bid/16194

www.us-cert.gov/cas/techalerts/TA06-010A.html

www.vupen.com/english/advisories/2006/0118

www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-002

exchange.xforce.ibmcloud.com/vulnerabilities/23922

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1126

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1185

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1462

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1491

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A698

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A714

8.2 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.623 Medium

EPSS

Percentile

97.7%

JSON

Related for PRION:CVE-2006-0010