Vulnerabilities > CVE-2006-3438 - Remote Buffer Overflow vulnerability in Microsoft Hyperlink Object Library Function
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-050.NASL |
description | The remote host is running a version of Windows that contains a flaw in the Hyperlink Object Library. An attacker could exploit this flaw to execute arbitrary code on the remote host. To exploit this flaw, an attacker would need to construct a malicious hyperlink and lure a victim into clicking it. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22192 |
published | 2006-08-08 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22192 |
title | MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670) |
Oval
accepted | 2011-05-09T04:00:05.287-04:00 | ||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||
description | Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability." | ||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||
id | oval:org.mitre.oval:def:115 | ||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||
submitted | 2006-08-11T12:53:40 | ||||||||||||||||||||||||
title | Hyperlink Object Function Vulnerability | ||||||||||||||||||||||||
version | 71 |
References
- http://securitytracker.com/id?1016659
- http://www.kb.cert.org/vuls/id/683612
- http://www.securityfocus.com/bid/19405
- http://www.us-cert.gov/cas/techalerts/TA06-220A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-050
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A115