Buffer Overflow Vulnerability in Microsoft Hyperlink Object Library
CVE-2006-3086

Currently unrated

Key Information:

Vendor
Microsoft
Status
Hyperlink Object Library
Vendor
CVE Published:
19 June 2006

Summary

A buffer overflow vulnerability exists in the HrShellOpenWithMonikerDisplayName function within Microsoft Hyperlink Object Library (hlink.dll). This flaw can be exploited by remote attackers through specially crafted hyperlinks, allowing for denial of service attacks or potential arbitrary code execution. The vulnerability manifests itself when the input exceeds the buffer size, particularly when Unicode links are utilized. Attackers may leverage this weakness in Excel worksheets, potentially leading to system crashes or unauthorized actions within affected applications.

References

http://www.securityfocus.com/archive/1/438057/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/438093/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/438373/100/0/threaded
mailing-listx_refsource_BUGTRAQ

EPSS Score

43% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2006-3086 : Buffer Overflow Vulnerability in Microsoft Hyperlink Object Library | SecurityVulnerability.io