Buffer overflow in Microsoft Windows_2000
CVE-2006-0010
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a craft…
Vulnerability class: Buffer Overflow
EPSS: 0.331 (98.1th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Windows_2000
- Microsoft Windows_2003_server — versions datacenter_64-bit, enterprise, enterprise_64-bit
- Microsoft Windows_98
- Microsoft Windows_98se
- Microsoft Windows_me
- Microsoft Windows_nt — versions 3.5.1, 4.0
- Microsoft Windows_xp
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secure@microsoft.com (mailing-list, x_refsource_FULLDISC)
- secure@microsoft.com (x_refsource_MISC)
- secure@microsoft.com (US Government Resource, x_refsource_CERT-VN, Third Party Advisory, third-party-advisory)
- secure@microsoft.com (x_refsource_EEYE, third-party-advisory)
- secure@microsoft.com (x_refsource_CONFIRM)
- secure@microsoft.com (x_refsource_OSVDB, vdb-entry)
- secure@microsoft.com (vdb-entry, x_refsource_VUPEN)
- secure@microsoft.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secure@microsoft.com (x_refsource_MS, vendor-advisory)
- secure@microsoft.com (vdb-entry, x_refsource_XF)
Frequently asked questions
- What is CVE-2006-0010?
- CVE-2006-0010 is a vulnerability in Microsoft Windows_2000, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2006-01-10.
- Is CVE-2006-0010 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.