CVE-2008-5823 - An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script

CVE-2008-5823

Summary

An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:money:2006:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:money:2006:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

refmap via4

misc	http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html
xf	ms-money-prtstb06-dos(47756)

Last major update

30-10-2018 - 16:25

Published

02-01-2009 - 19:30

Last modified

30-10-2018 - 16:25