Vulnerability Note VU#411516
Microsoft Windows kernel fails to properly manage exception handling
An exception handling vulnerability in the Microsoft Windows kernel may allow a remote attacker to execute arbitrary code.
Microsoft Windows kernel contains an exception handling vulnerability that can allow a remote attacker to execute arbitrary code with privileges of the local user. Exploitation of this vulnerability can occur if an attacker convinces a user to visit a specially crafted web site.
Microsoft's bulletin states that the following Windows operating systems are affected by this vulnerability:
A remote attacker who can successfully convince a user visit a specially crafted web site may be able to execute arbitrary code with privileges of the local user.
Apply an update
Please see the Microsoft Security Bulletin MS06-051 for further details and cautions regarding use of the Registry Editor.
Read e-mail messages in plain text format.
E-mail messages viewed in plain text will not contain pictures, special fonts, or other rich content.
* Note that these workarounds do NOT fix the underlying vulnerability but will help block known methods of attack.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||-||08 Aug 2006|
CVSS Metrics (Learn More)
Thanks to Microsoft Security for reporting this vulnerability in Microsoft Security Bulletin MS06-051. Microsoft, in turn, thanks Matt Miller of Leviathan Security Group for reporting the vulnerability to them.
This document was written by Katie Washok.
- CVE IDs: CVE-2006-3648
- Date Public: 08 Aug 2006
- Date First Published: 08 Aug 2006
- Date Last Updated: 18 Sep 2006
- Severity Metric: 7.90
- Document Revision: 14
If you have feedback, comments, or additional information about this vulnerability, please send us email.