CVE-2006-4868

EXPLOITED

Microsoft Outlook & IE 6.0 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16597

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Trirat Puttaraksa · perlremotewindows

https://www.exploit-db.com/exploits/2426

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by jamikazu · htmlremotewindows

https://www.exploit-db.com/exploits/2425

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by hdm · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms06_055_vml_method.rb

View Code ZIP pw:eip

References (21)

[Patch, Vendor Advisory] http://secunia.com/advisories/21989

[Vendor Advisory] http://support.microsoft.com/kb/925486

[US Government Resource] http://www.kb.cert.org/vuls/id/416092

[Patch, Vendor Advisory] http://www.microsoft.com/technet/security/advisory/925568.mspx

[Third Party Advisory, VDB Entry] http://www.osvdb.org/28946

[Exploit, Patch] http://www.securityfocus.com/bid/20096

[Patch, US Government Resource] http://www.us-cert.gov/cas/techalerts/TA06-262A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/3679

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-055

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29004

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100

[Various Sources] http://blogs.securiteam.com/index.php/archives/624

[Various Sources] http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/446378/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/446505/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/446523/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/446528/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/446881/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/447070/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/448552/100/0/threaded

... and 1 more

Scores

EPSS 0.6844

EPSS Percentile 98.6%

Details

VulnCheck KEV 2006-09-26

CWE

CWE-119

Status published

Products (3)

microsoft/internet_explorer 6.0

microsoft/internet_explorer 5.0.1 sp4

microsoft/outlook 2003

Published Sep 19, 2006

Tracked Since Feb 18, 2026