CVE-2006-3086

critical

Microsoft

CVSS v3 Base Score

9.3

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Score

59.6%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: June 19, 2006 (7268 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.

CWE

CWE-119

Affected Products

microsoft hyperlink object library

References

🔗 blogs.technet.com 🔗 marc.info 🔗 secunia.com 🔗 securitytracker.com 🔗 www.kb.cert.org

CVE-2006-3086

Vulnerability Report

Description

CWE

Affected Products

References