Vulnerabilities > CVE-2006-2376 - Numeric Errors vulnerability in Microsoft Windows 98, Windows 98Se and Windows ME
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 |
Common Weakness Enumeration (CWE)
References
- http://secunia.com/advisories/20631
- http://securityreason.com/securityalert/1094
- http://securitytracker.com/id?1016286
- http://www.kb.cert.org/vuls/id/909508
- http://www.osvdb.org/26431
- http://www.securityfocus.com/archive/1/436950/100/0/threaded
- http://www.securityfocus.com/bid/18322
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://www.vupen.com/english/advisories/2006/2324
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26815