Vulnerabilities > CVE-2006-2378 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
Vulnerable Configurations
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS06-022.NASL |
| description | The remote host is running a version of Windows that contains a flaw in the Hyperlink Object Library. An attacker may exploit this flaw to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to construct a malicious hyperlink and lure a victim into clicking it. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 21686 |
| published | 2006-06-13 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/21686 |
| title | MS06-022: Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) |
Oval
accepted 2014-02-24T04:00:20.636-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. family windows id oval:org.mitre.oval:def:1590 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ART Image Rendering Vulnerability (2K/XP) version 71 accepted 2011-05-16T04:01:28.501-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Dragos Prisaca organization Gideon Technologies, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. family windows id oval:org.mitre.oval:def:1640 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ART Image Rendering Vulnerability (XP,SP2) version 69 accepted 2011-05-16T04:01:32.674-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. family windows id oval:org.mitre.oval:def:1668 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ART Image Rendering Vulnerability (64-bit XP) version 68 accepted 2014-02-24T04:00:22.931-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Anna Min organization BigFix, Inc name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. family windows id oval:org.mitre.oval:def:1756 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ART Image Rendering Vulnerability (Win2K) version 72 accepted 2011-05-09T04:01:22.805-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc.
description Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. family windows id oval:org.mitre.oval:def:1866 status accepted submitted 2006-06-14T09:55:00.000-04:00 title ART Image Rendering Vulnerability (WinS03) version 66
References
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=407
- http://www.kb.cert.org/vuls/id/923236
- http://www.securityfocus.com/bid/18394
- http://secunia.com/advisories/20605
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://securitytracker.com/id?1016292
- http://www.osvdb.org/26432
- http://www.vupen.com/english/advisories/2006/2320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26809
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1866
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1756
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1668
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1640
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1590
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-022