Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiStuart Pearson - Computer Terrorism (UK)ZDI-06-007
HistoryApr 11, 2006 - 12:00 a.m.

Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability

2006-04-1100:00:00
Stuart Pearson - Computer Terrorism (UK)
www.zerodayinitiative.com
12

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.607 Medium

EPSS

Percentile

97.8%

JSON

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of the Microsoft Windows operating system. User interaction is required to exploit this vulnerability. The specific flaw exists during the parsing of malformed Windows Address Book (.WAB) files. Modification of the length value of certain Unicode strings within this file format results in an exploitable heap corruption.

Related

checkpoint_advisories 3
cve 1
prion 1
nessus 1
securityvulns 2
cvelist 1
checkpoint_advisories
checkpoint_advisories
Microsoft Outlook Express Windows Address Book File Overflow (MS06-016) - Ver2 (CVE-2006-0014)
2015-03-26 00:00:00
Microsoft Outlook Express Windows Address Book File Overflow (MS06-016; CVE-2006-0014)
2010-08-02 00:00:00
Update Protection against Microsoft Outlook Express Windows Address Book File Vulnerability (MS06-016)
2006-04-11 00:00:00
cve
cve
CVE-2006-0014
2006-04-12 00:02:00
prion
prion
Buffer overflow
2006-04-12 00:02:00
nessus
nessus
MS06-016: Vulnerability in Outlook Express Could Allow Remote Code Execution (911567)
2006-04-11 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-016 Cumulative Security Update for Outlook Express (911567)
2006-04-11 00:00:00
ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
2006-04-12 00:00:00
cvelist
cvelist
CVE-2006-0014
2006-04-12 00:00:00

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.607 Medium

EPSS

Percentile

97.8%

JSON
Related for ZDI-06-007
checkpoint_advisories3cve1prion1nessus1securityvulns2cvelist1