CVE-2006-3438 - Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overf

CVE-2006-3438

Summary

Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:hyperlink_object_library:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 12-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2011-05-09T04:00:05.287-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Shane Shaffer
organization G2, Inc.

definition_extensions

comment Microsoft Windows 2000 SP4 or later is installed
oval oval:org.mitre.oval:def:229
comment Microsoft Windows XP SP1 (32-bit) is installed
oval oval:org.mitre.oval:def:1
comment Microsoft Windows XP SP2 or later is installed
oval oval:org.mitre.oval:def:521
comment Microsoft Windows XP SP1 (64-bit) is installed
oval oval:org.mitre.oval:def:480
comment Microsoft Windows Server 2003 (x86) Gold is installed
oval oval:org.mitre.oval:def:165
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565

description

family

windows

oval:org.mitre.oval:def:115

status

accepted

submitted

2006-08-11T12:53:40

title

Hyperlink Object Function Vulnerability

version

refmap via4

bid	19405
cert	TA06-220A
cert-vn	VU#683612
sectrack	1016659

Last major update

12-10-2018 - 21:40

Published

09-08-2006 - 00:04

Last modified

12-10-2018 - 21:40