CVE-2006-3086 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3086
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3086

Description: Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/27224 ST 1016339 SAID Secunia Advisory: SA20748 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:999 OSVDB 26666 MS http://www.microsoft.com/technet/security/bulletin/ms06-050.mspx MISC http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx http://www.milw0rm.com/exploits/1927 http://www.tippingpoint.com/security/advisories/TSRT-06-10.html FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=115067840426070&w=2 CERT-VN 394444 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/442724/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438373/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438156/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438096/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438093/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/438057/100/0/threaded BID 18500

Return to the previous page.