Vulnerabilities > CVE-2006-2376 - Numeric Errors vulnerability in Microsoft Windows 98, Windows 98Se and Windows ME
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Common Weakness Enumeration (CWE)
References
- http://www.securityfocus.com/bid/18322
- http://secunia.com/advisories/20631
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://www.kb.cert.org/vuls/id/909508
- http://securitytracker.com/id?1016286
- http://www.osvdb.org/26431
- http://securityreason.com/securityalert/1094
- http://www.vupen.com/english/advisories/2006/2324
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26815
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-026
- http://www.securityfocus.com/archive/1/436950/100/0/threaded