Vulnerability CVE-2006-3445 - CERT Civis.Net

Vulnerability Name:

CVE-2006-3445 (CCN-29945)

Assigned:

2006-11-14

Published:

2006-11-14

Updated:

2018-10-18

Summary:

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.

CVSS v3 Severity:

9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 30 2007 - 01:56:59 CST
COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched)

Source: MITRE
Type: CNA
CVE-2006-3445

Source: CCN
Type: SA22878
Microsoft Windows Agent ActiveX Control Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
22878

Source: CCN
Type: SECTRACK ID: 1017222
Microsoft Agent `.ACF` File Memory Corruption Error Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017222

Source: CCN
Type: ASA-2006-253
Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71)

Source: MISC
Type: UNKNOWN
http://www.coseinc.com/alert.html

Source: CCN
Type: US-CERT VU#810772
Microsoft Agent fails to properly handle specially crafted .ACF files

Source: CERT-VN
Type: US Government Resource
VU#810772

Source: CCN
Type: Microsoft Security Bulletin MS06-068
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

Source: BUGTRAQ
Type: UNKNOWN
20070130 COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched)

Source: BID
Type: UNKNOWN
21034

Source: CCN
Type: BID-21034
Microsoft Agent ActiveX Control Remote Code Execution Vulnerability

Source: CERT
Type: US Government Resource
TA06-318A

Source: VUPEN
Type: Vendor Advisory
ADV-2006-4506

Source: MS
Type: UNKNOWN
MS06-068

Source: XF
Type: UNKNOWN
ms-agent-acf-bo(29945)

Source: XF
Type: UNKNOWN
ms-agent-acf-bo(29945)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:154

Vulnerable Configuration:

Configuration 1:

cpe:/o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:itanium:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:154	V	Microsoft Agent Memory Corruption Vulnerability	2007-02-20