Vulnerability CVE-2006-3351 - CERT Civis.Net

Vulnerability Name:

CVE-2006-3351 (CCN-27567)

Assigned:

2006-07-05

Published:

2006-07-05

Updated:

2018-10-18

Summary:

Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.4 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

5.4 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:C/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: CCN
Type: BugTraq Mailing List, Wed Jul 05 2006 - 00:53:52 CDT
Windows Explorer URL File format overflow

Source: MITRE
Type: CNA
CVE-2006-3351

Source: SREASON
Type: UNKNOWN
1186

Source: CCN
Type: OSVDB ID: 28372
Microsoft Windows Explorer URL Passing Recursive file Tag Local DoS

Source: BUGTRAQ
Type: UNKNOWN
20060705 Windows Explorer URL File format overflow

Source: BUGTRAQ
Type: UNKNOWN
20060706 Re: Windows Explorer URL File format overflow

Source: BID
Type: Exploit
18838

Source: CCN
Type: BID-18838
Windows Explorer Explorer.exe Denial Of Service Vulnerability

Source: XF
Type: UNKNOWN
win-explorer-url-dos(27567)

Source: XF
Type: UNKNOWN
win-explorer-url-dos(27567)

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2003_server:3.1.0.3270:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:ibm_oem_version:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:ibm_oem_version:sp1:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*

Denotes that component is vulnerable