CVE-2006-6753

Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.

CVSS v2.0 4.1 MEDIUM

4.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:L/Au:S/C:P/I:N/A:P

Exploitability : 5.1 / Impact : 4.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/455044/100/0/threaded
http://www.securityfocus.com/archive/1/455071/100/0/threaded
http://www.securityfocus.com/archive/1/455077/100/0/threaded
http://www.securityfocus.com/archive/1/455079/100/0/threaded
http://www.securityfocus.com/archive/1/455087/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:windows_event_viewer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-12-27 01:28

Updated : 2024-02-28 11:01

NVD link : CVE-2006-6753

Mitre link : CVE-2006-6753

CVE.ORG link : CVE-2006-6753

JSON object : View

Products Affected

microsoft

windows_event_viewer

CWE

NVD-CWE-Other

{"id": "CVE-2006-6753", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.1, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-27T01:28:00.000", "references": [{"url": "http://www.securityfocus.com/archive/1/455044/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455071/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455077/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455079/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/455087/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer."}, {"lang": "es", "value": "el Visor de Sucesos (eventvwr.exe) en Microsoft Windows no muestra adecuadamente la informaci\u00f3n de registro almacenada que contiene caracteres '%' (porcentaje), lo cual podr\u00eda hacer imposible utilizar el Visor de Sucesos para determinar los datos reales que dispararon un evento, y podr\u00eda producir cadenas largas que no son manejadas adecuadamente por determinados procesos que se basan en el Visor de Sucesos."}], "lastModified": "2018-10-17T21:49:32.443", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_event_viewer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03B7EB3D-6451-4084-A9E6-2D797CB94E38"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}