NVD Vulnerability Detail

CVE-2006-3445

Summary	Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
Summary	Microsoft Agent en Microsoft Windows 2000 SP4, XP SP2, y Server 2003 hasta el SP1 permite a atacantes remotos ejecutar código de su elección mediante un fichero .ACF artesanal que dispara una corrupción de memoria.
Publication Date	Nov. 15, 2006, 6:07 a.m.
Registration Date	Jan. 29, 2021, 3:41 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : HIGH
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	はい
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
cpe:2.3:o:microsoft:windows_2003_server:itanium:::::::*
cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium:::::
cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

Related information, measures and tools

No	URL	refsource
1	http://secunia.com/advisories/22878	secure@microsoft.com
2	http://securitytracker.com/id?1017222	secure@microsoft.com
3	http://www.coseinc.com/alert.html	secure@microsoft.com
4	http://www.kb.cert.org/vuls/id/810772	secure@microsoft.com
5	http://www.securityfocus.com/archive/1/458558/100/0/threaded	secure@microsoft.com
6	http://www.securityfocus.com/bid/21034	secure@microsoft.com
7	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	secure@microsoft.com
8	http://www.vupen.com/english/advisories/2006/4506	secure@microsoft.com
9	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068	secure@microsoft.com
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/29945	secure@microsoft.com
11	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A154	secure@microsoft.com
12	http://secunia.com/advisories/22878	af854a3a-2127-422b-91ae-364da2661108
13	http://securitytracker.com/id?1017222	af854a3a-2127-422b-91ae-364da2661108
14	http://www.coseinc.com/alert.html	af854a3a-2127-422b-91ae-364da2661108
15	http://www.kb.cert.org/vuls/id/810772	af854a3a-2127-422b-91ae-364da2661108
16	http://www.securityfocus.com/archive/1/458558/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
17	http://www.securityfocus.com/bid/21034	af854a3a-2127-422b-91ae-364da2661108
18	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	af854a3a-2127-422b-91ae-364da2661108
19	http://www.vupen.com/english/advisories/2006/4506	af854a3a-2127-422b-91ae-364da2661108
20	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-068	af854a3a-2127-422b-91ae-364da2661108
21	https://exchange.xforce.ibmcloud.com/vulnerabilities/29945	af854a3a-2127-422b-91ae-364da2661108
22	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A154	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-189	数値処理の問題	https://cwe.mitre.org/data/definitions/189.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:microsoft:windows_2000::sp4::fr::::
cpe:2.3:o:microsoft:windows_2003_server:64-bit:::::::*
cpe:2.3:o:microsoft:windows_2003_server:itanium:::::::*
cpe:2.3:o:microsoft:windows_2003_server:r2:::::::*
cpe:2.3:o:microsoft:windows_2003_server:sp1:::::::*
cpe:2.3:o:microsoft:windows_2003_server:sp1::itanium:::::
cpe:2.3:o:microsoft:windows_xp:::64-bit:::::*
cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::