Denial of Service Vulnerability in Microsoft WMF Parsing Application
CVE-2006-0020

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 98se; Windows Xp; Windows 2003 Server; Windows Me
Vendor: CVE Published:; 10 January 2006

What is CVE-2006-0020?

A vulnerability exists in Microsoft's WMF parsing application that may allow attackers to create specially crafted WMF files. When these files are processed by Internet Explorer versions 5.01 SP4 on Windows 2000 SP4 and 5.5 SP2 on Windows Millennium, it could lead to a denial of service, potentially crashing the application. This vulnerability may involve an integer overflow affecting the WMF header size, differing from another known vulnerability and impacting user systems significantly.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.osvdb.org/22976

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/18912

third-party-advisoryx_refsource_SECUNIA

EPSS Score

46% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2006
Vulnerability Reserved
Nov 30, 2005