CVE-2006-1591

3 documents3 sources

Severity

5.1MEDIUM

EPSS

23.9%

top 3.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedApr 3

Latest updateMay 1

Description

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/windows_nt4.0

▶NVDmicrosoft/windows_2003_server4 versions+3

🔴Vulnerability Details

GHSA

GHSA-rvq6-hp8x-g4vq: Heap-based buffer overflow in Microsoft Windows Help winhlp32↗2022-05-01

▶

CVEList

CVE-2006-1591: Heap-based buffer overflow in Microsoft Windows Help winhlp32↗2006-04-03

▶