VDB
CVE-2006-0020
CVE-2006-0020
PUBLISHED
CVSS 9.300000190734863 CRITICAL
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
EPSS 35.19% · 97.1th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
35.19%
97.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | windows_xp | |
| microsoft | windows_98 | |
| microsoft | windows_2003_server | *, r2 |
| microsoft | windows_98se | |
| microsoft | windows_2000 | |
| microsoft | windows_me | |
| n/a | n/a | n/a |
Timeline
- Jan 10, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Dec 22, 2023 EPSS Score
References
- oval:org.mitre.oval:def:1638 vdb
- 22976 vdb
- 18912 third-party-advisory
- [funsec] 20060110 Another WMF flaw without a Microsoft patch mailing-list
- 18729 third-party-advisory
- http://www.microsoft.com/technet/security/advisory/913333.mspx url
- VU#312956 third-party-advisory
- ADV-2006-0469 vdb
- TA06-045A third-party-advisory
- 16516 vdb
- MS06-004 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-0020 advisory