CVE-2006-2376
CVE-2006-2376 is a high-severity vulnerability in Microsoft Windows 98 with a CVSS 2.0 base score of 7.5. Its EPSS exploit-prediction score of 41% places it in the 98th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-189.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 41% (98th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-189
- Affected product: Microsoft Windows 98
- Published:
- Last modified:
Description
Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
Frequently asked questions
- What is CVE-2006-2376?
- Integer overflow in the PolyPolygon function in Graphics Rendering Engine on Microsoft Windows 98 and Me allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) or EMF image with a sum of entries in the vertext counts array and number of polygons that triggers a heap-based buffer overflow.
- How severe is CVE-2006-2376?
- CVE-2006-2376 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2006-2376 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 41% (98th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2006-2376?
- CVE-2006-2376 primarily affects Microsoft Windows 98. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2006-2376?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2006-2376 published?
- CVE-2006-2376 was published on 2006-06-13 and last updated on 2026-06-16.
References
- http://secunia.com/advisories/20631
- http://securityreason.com/securityalert/1094
- http://securitytracker.com/id?1016286
- http://www.kb.cert.org/vuls/id/909508
- http://www.osvdb.org/26431
- http://www.securityfocus.com/archive/1/436950/100/0/threaded
- http://www.securityfocus.com/bid/18322
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://www.vupen.com/english/advisories/2006/2324
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-026
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26815
Affected products (3)
- cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
More vulnerabilities in Microsoft Windows 98
- CVE-2005-1208 — Critical (CVSS 10.0): Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote…
- CVE-2005-0059 — Critical (CVSS 10.0): Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers…
- CVE-2004-0901 — Critical (CVSS 10.0): Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data…
- CVE-2004-0571 — Critical (CVSS 10.0): Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers…
- CVE-2004-0214 — Critical (CVSS 10.0): Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me…
- CVE-2004-0201 — Critical (CVSS 10.0): Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000,…
All CVEs affecting Microsoft Windows 98 →
Other CWE-189 (Numeric Errors) vulnerabilities
- CVE-2015-8396 — Critical (CVSS 10.0): Integer overflow in the ImageRegionReader::ReadIntoBuffer function in…
- CVE-2015-7205 — Critical (CVSS 10.0): Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x…
- CVE-2015-6575 — Critical (CVSS 10.0): SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which…
- CVE-2015-3864 — Critical (CVSS 10.0): Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in…
- CVE-2015-3836 — Critical (CVSS 10.0): The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1…
- CVE-2015-3834 — Critical (CVSS 10.0): Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android…