Buffer overflow in Microsoft Hyperlink Object Library

Vendor Patch Information: <a href="http://www.microsoft.com/technet/security/Bulletin/MS06-050.mspx" target="_blank" data-component="externalLink">MS06-050
NIST CVE #: <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3086" target="_blank" data-component="externalLink">CVE-2006-3086
US-CERT Vulnerability #: <a href="http://www.kb.cert.org/vuls/id/394444" target="_blank" data-component="externalLink">VU39444
Secunia advisory #: <a href="http://secunia.com/advisories/20748" target="_blank" data-component="externalLink">20748

Mobile

by Robert Vamosi January 22, 2007 5:38 PM PST

There's a buffer overflow within the Microsoft Hyperlink Object Library (hlink.dll) that allows a remote attacker to cause a denial of service attack and then possibly execute arbitrary code on the compromised PC. This is done via a long hyperlink, as demonstrated when using an Excel worksheet with a long HTML link in Unicode.

Although this sounds similar, this vulnerability is a different from the Unspecified vulnerability in Microsoft Excel, or CVE-2006-3059. This flaw was patched in Microsoft Security Bulletin MS06-050.

Additional Resources: