CVE-2006-2297

CVE Database · CVE-2006-2297

CVE-2006-2297

· N/AModified

CVSS v3.1

N/A

EPSS

19.36%

Published

May 9, 2006

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Infotech Storage Library - Heap Corruption TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.

Weaknesses (CWE)

CWE-119

Affected Products (1)

microsoft · infotech_storage_system_libraryvulnerable

References (20)

http://secunia.com/advisories/20061

Vendor Advisory

http://securityreason.com/securityalert/886

http://www.osvdb.org/25501

http://www.reversemode.com/advisories/advisory-itss.pdf

http://www.securityfocus.com/archive/1/433435/100/0/threaded

http://www.securityfocus.com/archive/1/433833/30/5040/threaded

http://www.securityfocus.com/archive/1/433854/100/0/threaded

http://www.securityfocus.com/bid/17926

Exploit

http://www.vupen.com/english/advisories/2006/1761

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/26340

KEV Catalog EPSS Scores Vendors All CVEs