cvelistv5 - CVE-2006-0026

CVE-2006-0026

Vulnerability from cvelistv5

Published

2006-07-11 22:00

Modified

2024-08-07 16:18

Severity ?

Summary

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

References

URL	Tags
secure@microsoft.com	http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html
secure@microsoft.com	http://secunia.com/advisories/21006	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016466	Patch
secure@microsoft.com	http://www.kb.cert.org/vuls/id/395588	Patch, US Government Resource
secure@microsoft.com	http://www.osvdb.org/27152
secure@microsoft.com	http://www.securityfocus.com/bid/18858	Patch
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-192A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/2752
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/26796
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21006	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016466	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/395588	Patch, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27152
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18858	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-192A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2752
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26796
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060718 ASP.DLL Include File Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
          },
          {
            "name": "MS06-034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
          },
          {
            "name": "oval:org.mitre.oval:def:435",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435"
          },
          {
            "name": "27152",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27152"
          },
          {
            "name": "ADV-2006-2752",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2752"
          },
          {
            "name": "iis-asp-bo(26796)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
          },
          {
            "name": "21006",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21006"
          },
          {
            "name": "18858",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18858"
          },
          {
            "name": "VU#395588",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/395588"
          },
          {
            "name": "1016466",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016466"
          },
          {
            "name": "TA06-192A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "20060718 ASP.DLL Include File Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
        },
        {
          "name": "MS06-034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
        },
        {
          "name": "oval:org.mitre.oval:def:435",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435"
        },
        {
          "name": "27152",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27152"
        },
        {
          "name": "ADV-2006-2752",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2752"
        },
        {
          "name": "iis-asp-bo(26796)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
        },
        {
          "name": "21006",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21006"
        },
        {
          "name": "18858",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18858"
        },
        {
          "name": "VU#395588",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/395588"
        },
        {
          "name": "1016466",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016466"
        },
        {
          "name": "TA06-192A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0026",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060718 ASP.DLL Include File Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
            },
            {
              "name": "MS06-034",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
            },
            {
              "name": "oval:org.mitre.oval:def:435",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435"
            },
            {
              "name": "27152",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27152"
            },
            {
              "name": "ADV-2006-2752",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2752"
            },
            {
              "name": "iis-asp-bo(26796)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
            },
            {
              "name": "21006",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21006"
            },
            {
              "name": "18858",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18858"
            },
            {
              "name": "VU#395588",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/395588"
            },
            {
              "name": "1016466",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016466"
            },
            {
              "name": "TA06-192A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-0026",
    "datePublished": "2006-07-11T22:00:00",
    "dateReserved": "2005-11-30T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0026\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-07-11T22:05:00.000\",\"lastModified\":\"2024-11-21T00:05:29.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en Microsoft Internet Information Services (IIS) 5.0, 5.1, y 6.0 permite localmente y posiblemente a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de Active Server Pages (ASP) manipuladas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7C954A7-FF84-4DEB-8728-5B207F374ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"413C07EA-139F-4B7D-A58B-835BD2591FA0\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/21006\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016466\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/395588\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27152\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/18858\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-192A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2752\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26796\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/395588\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27152\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-192A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2752\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26796\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-2w52-p6rg-2493

Vulnerability from github

Published

2022-05-01 06:37

Modified

2022-05-01 06:37

Details

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0026"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-07-11T22:05:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).",
  "id": "GHSA-2w52-p6rg-2493",
  "modified": "2022-05-01T06:37:06Z",
  "published": "2022-05-01T06:37:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0026"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21006"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016466"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/395588"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27152"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18858"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2752"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Microsoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Microsoft Office applications fail to properly handle PNG images. To exploit this issue, attackers must be able to place and execute malicious ASP pages on computers running the affected ASP server software. This may be an issue in shared-hosting environments.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System

            Technical Cyber Security Alert TA06-192A

Microsoft Windows, Office, and IIS Vulnerabilities

Original release date: July 11, 2006 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Internet Information Services (IIS)
 * Microsoft Office
 * Microsoft Office for Mac
 * Microsoft Access
 * Microsoft Excel and Excel Viewer
 * Microsoft FrontPage
 * Microsoft InfoPath
 * Microsoft OneNote
 * Microsoft Outlook
 * Microsoft PowerPoint
 * Microsoft Project
 * Microsoft Publisher
 * Microsoft Visio
 * Microsoft Word and Word Viewer

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, IIS, and Office.

I. Description

Microsoft Security Bulletin Summary for July 2006 addresses vulnerabilities in Microsoft products including Windows, IIS, and Office. (CVE-2006-0007)

In MS06-037, Microsoft has released updates for the Excel vulnerability (VU#802324) described in Technical Cyber Security Alert TA06-167A.

II. An attacker may also be able to cause a denial of service.

III. Solution

Apply a patch from your vendor

Microsoft has provided updates for these vulnerabilities in the Security Bulletins. Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Apple Mac OS X users should obtain updates from the Mactopia web site.

System administrators may wish to consider using Windows Server Update Services (WSUS).

Workaround

Please see the following Vulnerability Notes for workarounds.

Appendix A. References

 * Microsoft Security Bulletin Summary for July 2006 -
   <http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx>

 * Technical Cyber Security Alert TA06-167A -
   <http://www.us-cert.gov/cas/techalerts/TA06-167A.html>

 * US-CERT Vulnerability Notes for Microsoft July 2006 updates -
   <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-jul>

 * US-CERT Vulnerability Note VU#395588 -
   <http://www.kb.cert.org/vuls/id/395588>

 * US-CERT Vulnerability Note VU#189140 -
   <http://www.kb.cert.org/vuls/id/189140>

 * US-CERT Vulnerability Note VU#257164 -
   <http://www.kb.cert.org/vuls/id/257164>

 * US-CERT Vulnerability Note VU#802324 -
   <http://www.kb.cert.org/vuls/id/802324>

 * US-CERT Vulnerability Note VU#580036 -
   <http://www.kb.cert.org/vuls/id/580036>

 * US-CERT Vulnerability Note VU#609868 -
   <http://www.kb.cert.org/vuls/id/609868>

 * US-CERT Vulnerability Note VU#409316 -
   <http://www.kb.cert.org/vuls/id/409316>

 * US-CERT Vulnerability Note VU#459388 -
   <http://www.kb.cert.org/vuls/id/459388>

 * US-CERT Vulnerability Note VU#668564 -
   <http://www.kb.cert.org/vuls/id/668564>

 * CVE-2006-0026 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026>

 * CVE-2006-1314 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314>

 * CVE-2006-2372 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372>

 * CVE-2006-3059 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059>

 * CVE-2006-1316 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316>

 * CVE-2006-1540 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540>

 * CVE-2006-2389 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389>

 * CVE-2006-0033 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033>

 * CVE-2006-0007 -
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007>

 * Microsoft Update - <https://update.microsoft.com/microsoftupdate>

 * Microsoft Office Update - <http://officeupdate.microsoft.com>

 * Mactopia - <http://www.microsoft.com/mac>

 * Windows Server Update Services -
   <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-192A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-192A Feedback VU#802324" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

July 11, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRLQsLn0pj593lg50AQLyjQf/blQM+kdtxI5/dQ/Njj99QuR3yBT9ERwJ QfZgOr8yN4rUhOU1xkXq6go7E1W4kfwuKVwwobLuYXk9Cq6xP4aVpt0/ws53wNHI iAvJ1rURSFcVwDAXKvbiv7mmjORA36R5M37JiwR0ny76f20yZaz8LTjMbhwSLyFR Cj7kPE0o6Fu0uUwI7ETskfcK4iF0PVoVW2mava1YG8zFuby/A+Ps7ddQvu/EcaxP Y12QXtCP1jsB3+iJKAh7aQAh9h8aV6nuq4NZyFAHmao8iQo7qd9BMG451xTPDxn3 PoM2y5R0bXko+E4hWudpjel/JABm+nIV3R9il1QDantUI0aCqTDS9A== =7GPc -----END PGP SIGNATURE----- . Other versions of Excel, and other Office programs may be affected or act as attack vectors. Opening a specially crafted Excel document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability.

Office documents can contain embedded objects. For example, a malicious Excel document could be embedded in an Word or PowerPoint document. Office documents other than Excel documents could be used as attack vectors. If the user has administrative privileges, the attacker could gain complete control of the system. Solution

At the time of writing, there is no complete solution available. Consider the following workarounds:

Do not open untrusted Excel documents

Do not open unfamiliar or unexpected Excel or other Office documents, including those received as email attachments or hosted on a web site. Please see Cyber Security Tip ST04-010 for more information.

Do not rely on file extension filtering

In most cases, Windows will call Excel to open a document even if the document has an unknown file extension. For example, if document.x1s (note the digit "1") contains the correct file header information, Windows will open document.x1s with Excel.

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-167A.html>

Feedback can be directed to US-CERT Technical Staff

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0007",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 7.2,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "internet information services",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.0"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "5.1"
      },
      {
        "model": "windows xp tablet pc edition sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp tablet pc edition sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp tablet pc edition",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "x64"
      },
      {
        "model": "windows xp professional sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp professional",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp media center edition sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp media center edition sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp media center edition",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp2",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home sp1",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp home",
        "scope": null,
        "trust": 0.3,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows xp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "0"
      },
      {
        "model": "windows server web edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003x64"
      },
      {
        "model": "windows server standard edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003x64"
      },
      {
        "model": "windows server enterprise edition itanium sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server enterprise edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003x64"
      },
      {
        "model": "windows server datacenter edition itanium sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20030"
      },
      {
        "model": "windows server datacenter edition sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server datacenter edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2003"
      },
      {
        "model": "windows server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows datacenter server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      },
      {
        "model": "windows advanced server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2000"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "db": "BID",
        "id": "18858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:iis",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brett Moore brett.moore@SECURITY-ASSESSMENT.COM",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-0026",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2006-0026",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-0026",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#257164",
            "trust": 0.8,
            "value": "78.00"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#189140",
            "trust": 0.8,
            "value": "11.99"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#668564",
            "trust": 0.8,
            "value": "17.63"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#459388",
            "trust": 0.8,
            "value": "21.16"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#395588",
            "trust": 0.8,
            "value": "19.43"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#609868",
            "trust": 0.8,
            "value": "33.67"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#580036",
            "trust": 0.8,
            "value": "16.03"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#409316",
            "trust": 0.8,
            "value": "22.44"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#802324",
            "trust": 0.8,
            "value": "46.54"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-0026",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-145",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Microsoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Microsoft Office applications fail to properly handle PNG images. \nTo exploit this issue, attackers must be able to place and execute malicious ASP pages on computers running the affected ASP server software. This may be an issue in shared-hosting environments. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                        National Cyber Alert System\n\n                Technical Cyber Security Alert TA06-192A\n\n\nMicrosoft Windows, Office, and IIS Vulnerabilities\n\n   Original release date: July 11, 2006\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Internet Information Services (IIS)\n     * Microsoft Office\n     * Microsoft Office for Mac\n     * Microsoft Access\n     * Microsoft Excel and Excel Viewer\n     * Microsoft FrontPage\n     * Microsoft InfoPath\n     * Microsoft OneNote\n     * Microsoft Outlook\n     * Microsoft PowerPoint\n     * Microsoft Project\n     * Microsoft Publisher\n     * Microsoft Visio\n     * Microsoft Word and Word Viewer\n\n\nOverview\n\n   Microsoft has released updates that address critical vulnerabilities\n   in Microsoft Windows, IIS, and Office. \n\n\nI. Description\n\n   Microsoft Security Bulletin Summary for July 2006 addresses\n   vulnerabilities in Microsoft products including Windows, IIS, and\n   Office. \n   (CVE-2006-0007)\n\n\n   In MS06-037, Microsoft has released updates for the Excel\n   vulnerability (VU#802324) described in Technical Cyber Security Alert\n   TA06-167A. \n\n\nII. An attacker may also be able to cause a denial of\n   service. \n\n\nIII. Solution\n\nApply a patch from your vendor\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Security Bulletins. Updates for Microsoft Windows and Microsoft Office\n   XP and later are available on the Microsoft Update site. \n   Apple Mac OS X users should obtain updates from the Mactopia web site. \n\n   System administrators may wish to consider using Windows Server Update\n   Services (WSUS). \n\nWorkaround\n\n   Please see the following Vulnerability Notes for workarounds. \n\n\nAppendix A. References\n\n     * Microsoft Security Bulletin Summary for July 2006 -\n       \u003chttp://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx\u003e\n\n     * Technical Cyber Security Alert TA06-167A -\n       \u003chttp://www.us-cert.gov/cas/techalerts/TA06-167A.html\u003e\n\n     * US-CERT Vulnerability Notes for Microsoft July 2006 updates -\n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-jul\u003e\n\n     * US-CERT Vulnerability Note VU#395588 -\n       \u003chttp://www.kb.cert.org/vuls/id/395588\u003e\n\n     * US-CERT Vulnerability Note VU#189140 -\n       \u003chttp://www.kb.cert.org/vuls/id/189140\u003e\n\n     * US-CERT Vulnerability Note VU#257164 -\n       \u003chttp://www.kb.cert.org/vuls/id/257164\u003e\n\n     * US-CERT Vulnerability Note VU#802324 -\n       \u003chttp://www.kb.cert.org/vuls/id/802324\u003e\n\n     * US-CERT Vulnerability Note VU#580036 -\n       \u003chttp://www.kb.cert.org/vuls/id/580036\u003e\n\n     * US-CERT Vulnerability Note VU#609868 -\n       \u003chttp://www.kb.cert.org/vuls/id/609868\u003e\n\n     * US-CERT Vulnerability Note VU#409316 -\n       \u003chttp://www.kb.cert.org/vuls/id/409316\u003e\n\n     * US-CERT Vulnerability Note VU#459388 -\n       \u003chttp://www.kb.cert.org/vuls/id/459388\u003e\n\n     * US-CERT Vulnerability Note VU#668564 -\n       \u003chttp://www.kb.cert.org/vuls/id/668564\u003e\n\n     * CVE-2006-0026 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026\u003e\n\n     * CVE-2006-1314 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314\u003e\n\n     * CVE-2006-2372 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372\u003e\n\n     * CVE-2006-3059 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059\u003e\n\n     * CVE-2006-1316 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316\u003e\n\n     * CVE-2006-1540 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540\u003e\n\n     * CVE-2006-2389 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389\u003e\n\n     * CVE-2006-0033 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033\u003e\n\n     * CVE-2006-0007 -\n       \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007\u003e\n\n     * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate\u003e\n\n     * Microsoft Office Update - \u003chttp://officeupdate.microsoft.com\u003e\n\n     * Mactopia - \u003chttp://www.microsoft.com/mac\u003e\n\n     * Windows Server Update Services -\n       \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-192A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA06-192A Feedback VU#802324\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n   Revision History\n\n   July 11, 2006: Initial release\n\n\n    \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRLQsLn0pj593lg50AQLyjQf/blQM+kdtxI5/dQ/Njj99QuR3yBT9ERwJ\nQfZgOr8yN4rUhOU1xkXq6go7E1W4kfwuKVwwobLuYXk9Cq6xP4aVpt0/ws53wNHI\niAvJ1rURSFcVwDAXKvbiv7mmjORA36R5M37JiwR0ny76f20yZaz8LTjMbhwSLyFR\nCj7kPE0o6Fu0uUwI7ETskfcK4iF0PVoVW2mava1YG8zFuby/A+Ps7ddQvu/EcaxP\nY12QXtCP1jsB3+iJKAh7aQAh9h8aV6nuq4NZyFAHmao8iQo7qd9BMG451xTPDxn3\nPoM2y5R0bXko+E4hWudpjel/JABm+nIV3R9il1QDantUI0aCqTDS9A==\n=7GPc\n-----END PGP SIGNATURE-----\n. Other versions of\n   Excel, and other Office programs may be affected or act as attack\n   vectors. Opening a\n   specially crafted Excel document, including documents hosted on web\n   sites or attached to email messages, could trigger the vulnerability. \n\n   Office documents can contain embedded objects. For example, a\n   malicious Excel document could be embedded in an Word or PowerPoint\n   document. Office documents other than Excel documents could be used as\n   attack vectors. If the\n   user has administrative privileges, the attacker could gain complete\n   control of the system. Solution\n\n   At the time of writing, there is no complete solution available. \n   Consider the following workarounds:\n\nDo not open untrusted Excel documents\n\n   Do not open unfamiliar or unexpected Excel or other Office documents,\n   including those received as email attachments or hosted on a web site. \n   Please see Cyber Security Tip ST04-010 for more information. \n\nDo not rely on file extension filtering\n\n   In most cases, Windows will call Excel to open a document even if the\n   document has an unknown file extension. For example, if document.x1s\n   (note the digit \"1\") contains the correct file header information,\n   Windows will open document.x1s with Excel. \n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-167A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      },
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "db": "BID",
        "id": "18858"
      },
      {
        "db": "PACKETSTORM",
        "id": "48187"
      },
      {
        "db": "PACKETSTORM",
        "id": "47665"
      }
    ],
    "trust": 8.55
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#395588",
        "trust": 3.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0026",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "18858",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA06-192A",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "21006",
        "trust": 2.4
      },
      {
        "db": "SECTRACK",
        "id": "1016466",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "27152",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2752",
        "trust": 1.6
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324",
        "trust": 1.0
      },
      {
        "db": "USCERT",
        "id": "TA06-167A",
        "trust": 1.0
      },
      {
        "db": "CERT/CC",
        "id": "VU#257164",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316",
        "trust": 0.9
      },
      {
        "db": "OSVDB",
        "id": "26527",
        "trust": 0.8
      },
      {
        "db": "SECUNIA",
        "id": "20686",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "18422",
        "trust": 0.8
      },
      {
        "db": "USCERT",
        "id": "SA06-192A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "48187",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "47665",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "db": "BID",
        "id": "18858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "db": "PACKETSTORM",
        "id": "48187"
      },
      {
        "db": "PACKETSTORM",
        "id": "47665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "id": "VAR-200607-0007",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-29T21:58:09.360000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS06-034",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx"
      },
      {
        "title": "MS06-034",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-034.mspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 4.8,
        "url": "about vulnerability notes"
      },
      {
        "trust": 4.8,
        "url": "contact us about this vulnerability"
      },
      {
        "trust": 4.8,
        "url": "provide a vendor statement"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/395588"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/18858"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-192a.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/21006"
      },
      {
        "trust": 1.6,
        "url": "http://securitytracker.com/id?1016466"
      },
      {
        "trust": 1.6,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.osvdb.org/27152"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a435"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2006/2752"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.faqs.org/rfcs/rfc2131.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.tippingpoint.com/security/advisories/tsrt-06-02.html"
      },
      {
        "trust": 0.8,
        "url": "http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ipc/base/about_mailslots.asp"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/921365.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/20686/"
      },
      {
        "trust": 0.8,
        "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.j.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/18422"
      },
      {
        "trust": 0.8,
        "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26527"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.org/diary.php?storyid=1420"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0026"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2006/2752"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2006/at060010.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-192a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-167a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-192a/"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-167a/"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-0026"
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21006/"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-192a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-167a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2006/20060621_110225.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2006/20060712_072107.html"
      },
      {
        "trust": 0.3,
        "url": "http://ruder.cdut.net/default.asp"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/440457"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-167a.html\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.2,
        "url": "http://www.kb.cert.org/vuls/id/802324\u003e"
      },
      {
        "trust": 0.2,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-jul\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-0026"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/580036\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1316"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/257164\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1540"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-192a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://update.microsoft.com/microsoftupdate\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://officeupdate.microsoft.com\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2372\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/409316\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/609868\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/mac\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-0007"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2372"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-2389"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/459388\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0026\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/668564\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0007\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/189140\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-0033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-1314"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1540\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1314\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2389\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1316\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2006-3059"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0033\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3059\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/395588\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/tips/st04-010.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "db": "BID",
        "id": "18858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "db": "PACKETSTORM",
        "id": "48187"
      },
      {
        "db": "PACKETSTORM",
        "id": "47665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "db": "BID",
        "id": "18858"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "db": "PACKETSTORM",
        "id": "48187"
      },
      {
        "db": "PACKETSTORM",
        "id": "47665"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "date": "2006-06-16T00:00:00",
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "BID",
        "id": "18858"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "date": "2006-07-12T09:29:58",
        "db": "PACKETSTORM",
        "id": "48187"
      },
      {
        "date": "2006-06-26T05:52:29",
        "db": "PACKETSTORM",
        "id": "47665"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "date": "2006-07-11T22:05:00",
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-07-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#257164"
      },
      {
        "date": "2006-07-18T00:00:00",
        "db": "CERT/CC",
        "id": "VU#189140"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#668564"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#459388"
      },
      {
        "date": "2006-07-19T00:00:00",
        "db": "CERT/CC",
        "id": "VU#395588"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#609868"
      },
      {
        "date": "2006-07-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#580036"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#409316"
      },
      {
        "date": "2006-07-11T00:00:00",
        "db": "CERT/CC",
        "id": "VU#802324"
      },
      {
        "date": "2006-07-27T17:17:00",
        "db": "BID",
        "id": "18858"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000375"
      },
      {
        "date": "2020-11-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      },
      {
        "date": "2024-11-21T00:05:29.380000",
        "db": "NVD",
        "id": "CVE-2006-0026"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "48187"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft DHCP Client service contains a buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#257164"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-145"
      }
    ],
    "trust": 0.6
  }
}

gsd-2006-0026

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

Aliases

CVE-2006-0026

Aliases

CVE-2006-0026

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0026",
    "description": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).",
    "id": "GSD-2006-0026"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0026"
      ],
      "details": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).",
      "id": "GSD-2006-0026",
      "modified": "2023-12-13T01:19:50.723469Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-0026",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20060718 ASP.DLL Include File Buffer Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
          },
          {
            "name": "MS06-034",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
          },
          {
            "name": "oval:org.mitre.oval:def:435",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435"
          },
          {
            "name": "27152",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27152"
          },
          {
            "name": "ADV-2006-2752",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2752"
          },
          {
            "name": "iis-asp-bo(26796)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
          },
          {
            "name": "21006",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21006"
          },
          {
            "name": "18858",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18858"
          },
          {
            "name": "VU#395588",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/395588"
          },
          {
            "name": "1016466",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016466"
          },
          {
            "name": "TA06-192A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0026"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#395588",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/395588"
            },
            {
              "name": "18858",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/18858"
            },
            {
              "name": "1016466",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/id?1016466"
            },
            {
              "name": "21006",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21006"
            },
            {
              "name": "TA06-192A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
            },
            {
              "name": "20060718 ASP.DLL Include File Buffer Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
            },
            {
              "name": "27152",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27152"
            },
            {
              "name": "ADV-2006-2752",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2752"
            },
            {
              "name": "iis-asp-bo(26796)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
            },
            {
              "name": "oval:org.mitre.oval:def:435",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A435"
            },
            {
              "name": "MS06-034",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2020-11-23T19:49Z",
      "publishedDate": "2006-07-11T22:05Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-0026

Vulnerability from cvelistv5

ghsa-2w52-p6rg-2493

Vulnerability from github

var-200607-0007

Vulnerability from variot

gsd-2006-0026

Vulnerability from gsd

Tags

Sightings

Nomenclature