CVE-2006-4183
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
Un desbordamiento de búfer en la región heap de la memoria en Microsoft DirectX SDK (Febrero de 2006) y probablemente anteriores, incluido el End User Runtimes versión 9.0c, permite a los atacantes dependiendo del contexto ejecutar código arbitrario por medio de un archivo Targa creado con una compresión de Codificación de Longitud de Ejecución (RLE) que produce más datos de los esperados al decodificar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-08-16 CVE Reserved
- 2007-07-18 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=562 | Third Party Advisory | |
| http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=52 | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/474058/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/24963 | Vdb Entry | |
| http://www.securitytracker.com/id?1018420 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35492 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/26131 | 2018-10-17 | |
| http://www.vupen.com/english/advisories/2007/2577 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Directx Sdk Search vendor "Microsoft" for product "Directx Sdk" | february_2006 Search vendor "Microsoft" for product "Directx Sdk" and version "february_2006" | - |
Affected
| ||||||