CVE-2006-3086

Currently unrated

Key Information:

Vendor: Microsoft
Status: Hyperlink Object Library
Vendor: CVE Published:; 19 June 2006

Summary

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

References

http://www.securityfocus.com/archive/1/438057/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/438093/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/438373/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

95% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 19, 2006
Vulnerability Reserved
Jun 19, 2006

Collectors

NVD DatabaseMitre Database