Vulnerability Description
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | R2 |
| Microsoft | Windows 98 | All versions |
| Microsoft | Windows 98 SE | All versions |
| Microsoft | Windows Me | All versions |
| Microsoft | Windows XP | All versions |
References
- http://linuxbox.org/pipermail/funsec/2006-January/002828.html (Exploit, Vendor Advisory)
- http://secunia.com/advisories/18729 (Patch, Vendor Advisory)
- http://secunia.com/advisories/18912 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/312956 (Patch, Third Party Advisory, US Government Resource)
- http://www.microsoft.com/technet/security/advisory/913333.mspx (Vendor Advisory)
- http://www.osvdb.org/22976
- http://www.securityfocus.com/bid/16516 (Patch)
- http://www.us-cert.gov/cas/techalerts/TA06-045A.html (Third Party Advisory, US Government Resource)
- http://www.vupen.com/english/advisories/2006/0469
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-00
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2006-0020?
CVE-2006-0020 is a vulnerability with a CVSS score of 9.3 (HIGH). An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a...
How severe is CVE-2006-0020?
CVE-2006-0020 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0020?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows 98, Microsoft Windows 98 SE, Microsoft Windows Me.