CVE-2006-4868
Description
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
Risk Information
Base Score
8.0
MODERATE
Vector
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
66.431
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Security Update for Windows XP Service Pack 2 (KB925486) | Windows |
| Security Update for Windows Server 2003 (KB925486) x86 based systems | Windows |
| Security Update for Windows Server 2003 (KB925486) x86 based systems for SP1 | Windows |
| Security Update for Internet Explorer 6 Service Pack 1 for Windows XP Service Pack 1 (KB925486) | Windows |
| Security Update for Internet Explorer 5.01 Service Pack 4 (KB925486) | Windows |
| Security Update for Internet Explorer 6 Service Pack 1 for Windows 2000 Service Pack 4 (KB925486) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1473 | Security Update for Windows XP Service Pack 2 (KB925486) |
| PATCH-1475 | Security Update for Windows Server 2003 (KB925486) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234