Buffer Overflow Vulnerability in Microsoft Hyperlink Object Library
CVE-2006-3086

Currently unrated

Key Information:

Vendor: Microsoft
Status: Hyperlink Object Library
Vendor: CVE Published:; 19 June 2006

What is CVE-2006-3086?

A buffer overflow vulnerability exists in the HrShellOpenWithMonikerDisplayName function within Microsoft Hyperlink Object Library (hlink.dll). This flaw can be exploited by remote attackers through specially crafted hyperlinks, allowing for denial of service attacks or potential arbitrary code execution. The vulnerability manifests itself when the input exceeds the buffer size, particularly when Unicode links are utilized. Attackers may leverage this weakness in Excel worksheets, potentially leading to system crashes or unauthorized actions within affected applications.

References

http://www.securityfocus.com/archive/1/438057/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/438093/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/438373/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

44% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2006
Vulnerability Reserved
Jun 19, 2006