CVE-2006-2378 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft IE

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

62.4%

top 1.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer Microsoft Windows 2003 Server

Timeline

PublishedJun 13

Latest updateMay 1

Description

Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDmicrosoft/windows_2003_server10 versions+9

▶NVDmicrosoft/ie6.0

▶NVDmicrosoft/internet_explorer5.0.1, 6.0+1

Patches

Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-f73r-3cqj-hmq5: Buffer overflow in the ART Image Rendering component (jgdw400↗2022-05-01

▶

CVEList

CVE-2006-2378: Buffer overflow in the ART Image Rendering component (jgdw400↗2006-06-13

▶