CVE-2006-4868: Buffer Overflow
First published: Tue Sep 19 2006(Updated: )
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | =sp4 | |
| Microsoft Windows 2003 Server | ||
| Microsoft Windows 2003 Server | ||
| Microsoft Windows 2003 Server | ||
| Microsoft Windows 2003 Server | =gold | |
| Microsoft Windows 2003 Server | =sp1 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Internet Explorer | =6.0 | |
| Microsoft Outlook | =2003 | |
| Internet Explorer | =5.0.1-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html
- http://www.kb.cert.org/vuls/id/416092
- http://www.securityfocus.com/bid/20096
- http://secunia.com/advisories/21989
- http://www.microsoft.com/technet/security/advisory/925568.mspx
- http://securitytracker.com/id?1016879
- http://blogs.securiteam.com/index.php/archives/624
- http://www.osvdb.org/28946
- http://www.us-cert.gov/cas/techalerts/TA06-262A.html
- http://support.microsoft.com/kb/925486
- http://www.vupen.com/english/advisories/2006/3679
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055
- http://www.securityfocus.com/archive/1/448552/100/0/threaded
- http://www.securityfocus.com/archive/1/447070/100/0/threaded
- http://www.securityfocus.com/archive/1/446881/100/200/threaded
- http://www.securityfocus.com/archive/1/446528/100/0/threaded
- http://www.securityfocus.com/archive/1/446523/100/0/threaded
- http://www.securityfocus.com/archive/1/446505/100/0/threaded
- http://www.securityfocus.com/archive/1/446378/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-4868?
CVE-2006-4868 is considered critical due to the potential for remote code execution via specially crafted VML files.
How do I fix CVE-2006-4868?
To mitigate CVE-2006-4868, users should apply the latest security patches from Microsoft for affected versions of Windows and software.
Which Microsoft products are affected by CVE-2006-4868?
CVE-2006-4868 affects Microsoft Internet Explorer 6.0 and Microsoft Outlook 2003 primarily on Windows XP SP2.
Can CVE-2006-4868 be exploited remotely?
Yes, CVE-2006-4868 can be exploited remotely by submitting a malicious VML file to the target system.
What type of vulnerability is CVE-2006-4868?
CVE-2006-4868 is a stack-based buffer overflow vulnerability in the Vector Graphics Rendering engine.
- collector/nvd-historical
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/gold
- version/microsoft windows 2003 server/sp1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- version/microsoft windows xp/sp2
- canonical/internet explorer
- version/internet explorer/6.0
- canonical/microsoft outlook
- version/microsoft outlook/2003
- version/internet explorer/5.0.1-sp4