Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0020

An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."

Published

2006-01-10T21:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.6

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-189
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System microsoft windows_2000 * Yes
Operating System microsoft windows_2003_server r2 Yes
Operating System microsoft windows_2003_server sp1 Yes
Operating System microsoft windows_98 * Yes
Operating System microsoft windows_98se * Yes
Operating System microsoft windows_me * Yes
Operating System microsoft windows_xp * Yes
Operating System microsoft windows_xp * Yes
References