cvelistv5 - cve-2006-3961

CVE-2006-3961 (GCVE-0-2006-3961)

Vulnerability from cvelistv5 – Published: 2006-08-01 21:00 – Updated: 2024-08-07 18:48

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/19265	vdb-entryx_refsource_BID
	http://www.eeye.com/html/research/upcoming/200607…	x_refsource_MISC
	http://securitytracker.com/id?1016614	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/442495/100…	mailing-listx_refsource_BUGTRAQ
	http://www.osvdb.org/27698	vdb-entryx_refsource_OSVDB
	http://www.vupen.com/english/advisories/2006/3096	vdb-entryx_refsource_VUPEN
	http://www.eeye.com/html/research/advisories/AD20…	x_refsource_MISC
	http://ts.mcafeehelp.com/faq3.asp?docid=407052	x_refsource_CONFIRM
	http://secunia.com/advisories/21264	third-party-advisoryx_refsource_SECUNIA
	http://www.kb.cert.org/vuls/id/481212	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.348Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19265",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19265"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
          },
          {
            "name": "1016614",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016614"
          },
          {
            "name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
          },
          {
            "name": "27698",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27698"
          },
          {
            "name": "ADV-2006-3096",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
          },
          {
            "name": "21264",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21264"
          },
          {
            "name": "VU#481212",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/481212"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19265",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19265"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
        },
        {
          "name": "1016614",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016614"
        },
        {
          "name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
        },
        {
          "name": "27698",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27698"
        },
        {
          "name": "ADV-2006-3096",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
        },
        {
          "name": "21264",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21264"
        },
        {
          "name": "VU#481212",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/481212"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3961",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19265",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19265"
            },
            {
              "name": "http://www.eeye.com/html/research/upcoming/20060719.html",
              "refsource": "MISC",
              "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
            },
            {
              "name": "1016614",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016614"
            },
            {
              "name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
            },
            {
              "name": "27698",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27698"
            },
            {
              "name": "ADV-2006-3096",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3096"
            },
            {
              "name": "http://www.eeye.com/html/research/advisories/AD2006807.html",
              "refsource": "MISC",
              "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
            },
            {
              "name": "http://ts.mcafeehelp.com/faq3.asp?docid=407052",
              "refsource": "CONFIRM",
              "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
            },
            {
              "name": "21264",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21264"
            },
            {
              "name": "VU#481212",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/481212"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3961",
    "datePublished": "2006-08-01T21:00:00",
    "dateReserved": "2006-08-01T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.348Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B862ADF2-A544-4729-9EE4-D140C58D6AEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5350EE37-53D7-4DFB-84FC-0FA6A7C1C123\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB0A7659-25FF-4E18-B2BA-34F6FD6410F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E69BB96-F48B-43DA-BA7B-530E5148CCC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F3E0836-557F-46C8-BBDE-955D3AEBB6B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F62AF06-16DD-4C6C-BD48-BFA08629739C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"134C4C4F-92A0-4B89-B06A-4FB8D9513AFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F945365-B065-44A6-8CEC-2CBCE4DD23C4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB1AC389-8BBF-4784-ABCD-99E379AC6B75\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E03296D-5FC1-450D-BC05-6F6E9A90CF77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"931427A2-B69B-4418-8374-854A5F9420DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E19A9E38-E637-487A-BC06-F0CA6481E7EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE3B1863-DBB3-4458-899B-CEEAD9275B17\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DD547C9C-9D50-49ED-8EFE-1DD7484DDED5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"210F5447-4FC7-4278-9F2A-C64BBB5A86DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BECBD40D-ACBD-4E88-B230-ECFE98FD9F5D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A82098C7-30FE-464E-891F-868A0209D9DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0652B16C-7D9A-4743-AB54-6F205CA1E76D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CBC8F91-2534-4DAC-BDE3-AE49E19A6A8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B33F2AC-4BBE-4DE0-A61E-378972011BB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4D9B7B07-E3EF-4185-927C-CE308829B9A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F58D6A2F-AC08-4C1D-9ABF-4D675A1E87AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E96246D-3184-4BBB-8675-9B1CBE0B977C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B3DC47F-853B-44B0-BD8B-C2EE4530B333\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervenci\\u00f3n del usuario ejecutar comandos de su elecci\\u00f3n a trav\\u00e9s de par\\u00e1ametros string, los cuales son posteriormente usados en vsprintf.\"}]",
      "id": "CVE-2006-3961",
      "lastModified": "2024-11-21T00:14:48.890",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
      "published": "2006-08-01T21:04:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/21264\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016614\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ts.mcafeehelp.com/faq3.asp?docid=407052\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.eeye.com/html/research/advisories/AD2006807.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.eeye.com/html/research/upcoming/20060719.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/481212\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/27698\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/442495/100/100/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19265\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3096\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/21264\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016614\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://ts.mcafeehelp.com/faq3.asp?docid=407052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.eeye.com/html/research/advisories/AD2006807.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.eeye.com/html/research/upcoming/20060719.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/481212\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/27698\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/442495/100/100/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19265\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3961\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-08-01T21:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de par\u00e1ametros string, los cuales son posteriormente usados en vsprintf.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B862ADF2-A544-4729-9EE4-D140C58D6AEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5350EE37-53D7-4DFB-84FC-0FA6A7C1C123\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB0A7659-25FF-4E18-B2BA-34F6FD6410F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E69BB96-F48B-43DA-BA7B-530E5148CCC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F3E0836-557F-46C8-BBDE-955D3AEBB6B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F62AF06-16DD-4C6C-BD48-BFA08629739C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"134C4C4F-92A0-4B89-B06A-4FB8D9513AFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F945365-B065-44A6-8CEC-2CBCE4DD23C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB1AC389-8BBF-4784-ABCD-99E379AC6B75\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E03296D-5FC1-450D-BC05-6F6E9A90CF77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"931427A2-B69B-4418-8374-854A5F9420DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19A9E38-E637-487A-BC06-F0CA6481E7EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE3B1863-DBB3-4458-899B-CEEAD9275B17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD547C9C-9D50-49ED-8EFE-1DD7484DDED5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"210F5447-4FC7-4278-9F2A-C64BBB5A86DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BECBD40D-ACBD-4E88-B230-ECFE98FD9F5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82098C7-30FE-464E-891F-868A0209D9DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0652B16C-7D9A-4743-AB54-6F205CA1E76D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CBC8F91-2534-4DAC-BDE3-AE49E19A6A8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B33F2AC-4BBE-4DE0-A61E-378972011BB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D9B7B07-E3EF-4185-927C-CE308829B9A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F58D6A2F-AC08-4C1D-9ABF-4D675A1E87AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E96246D-3184-4BBB-8675-9B1CBE0B977C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B3DC47F-853B-44B0-BD8B-C2EE4530B333\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/21264\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016614\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ts.mcafeehelp.com/faq3.asp?docid=407052\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.eeye.com/html/research/advisories/AD2006807.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.eeye.com/html/research/upcoming/20060719.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/481212\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27698\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/442495/100/100/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19265\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3096\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/21264\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://ts.mcafeehelp.com/faq3.asp?docid=407052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.eeye.com/html/research/advisories/AD2006807.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.eeye.com/html/research/upcoming/20060719.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/481212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/27698\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/442495/100/100/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19265\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-200608-0456

Vulnerability from variot - Updated: 2023-12-18 13:54

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged in user. This issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter. McAfee Subscription Manager (McAfee Subscription Manager) is a component released together with many McAfee products to manage product permissions. It is an ActiveX control, through which manufacturers can check the legality of product use. McSubMgr.dll, the implementation module of the product inspection manager, does not check the length of the incoming parameters. Remote attackers can lure users to visit malicious websites, and transmit data exceeding 3000 bytes to McSubMgr.dll in web scripts, resulting in stack overflow. to execute arbitrary commands. Link: http://www.securityfocus.com/archive/1/442495/30/0/threaded.

Hardcore Disassembler / Reverse Engineer Wanted!

Want to work with IDA and BinDiff? Want to write PoC's and Exploits?

Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package.

The vulnerability is caused due to an unspecified error and allows execution of arbitrary code. No more information is currently available.

SOLUTION: Sufficient information about the vulnerability is not available to suggest a proper workaround.

PROVIDED AND/OR DISCOVERED BY: eEye Digital Security

ORIGINAL ADVISORY: eEye Digital Security: http://www.eeye.com/html/research/upcoming/20060719.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200608-0456",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "privacy service",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "privacy service",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "personal firewall plus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "personal firewall plus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "personal firewall plus",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "antispyware",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "antispyware",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "wireless home network security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "virusscan",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "quickclean",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "quickclean",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "quickclean",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "privacy service",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "security center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "6.0.23"
      },
      {
        "model": "security center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "6.0"
      },
      {
        "model": "spamkiller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "6.0"
      },
      {
        "model": "security center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "4.3"
      },
      {
        "model": "spamkiller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "5.0"
      },
      {
        "model": "spamkiller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "7.0"
      },
      {
        "model": "security center",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "mcafee",
        "version": "6.0.22"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "antispyware",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "personal firewall plus",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "privacy service",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "quickclean",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "securitycenter",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "mcafee",
        "version": "6.0.23"
      },
      {
        "model": "spamkiller",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "virusscan",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "wireless home network security",
        "scope": null,
        "trust": 0.8,
        "vendor": "mcafee",
        "version": null
      },
      {
        "model": "spamkiller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2006"
      },
      {
        "model": "spamkiller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2005"
      },
      {
        "model": "spamkiller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "2004"
      },
      {
        "model": "securitycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "6.0.22"
      },
      {
        "model": "securitycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "6.0"
      },
      {
        "model": "securitycenter",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "4.3"
      },
      {
        "model": "internet security suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "20060"
      },
      {
        "model": "securitycenter",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "mcafee",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "db": "BID",
        "id": "19265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovered by eEye Digital Security.",
    "sources": [
      {
        "db": "BID",
        "id": "19265"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3961",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-3961",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-20069",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3961",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#481212",
            "trust": 0.8,
            "value": "19.74"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200608-011",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-20069",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf. McAfee SecurityCenter is prone to a stack-based buffer-overflow vulnerability.  This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged in user. \nThis issue is reported to affect versions 4.3 through 6.0.22. Please see the affected packages section for a list of McAfee consumer products that ship with vulnerable versions of the McAfee SecurityCenter. McAfee Subscription Manager (McAfee Subscription Manager) is a component released together with many McAfee products to manage product permissions. It is an ActiveX control, through which manufacturers can check the legality of product use. McSubMgr.dll, the implementation module of the product inspection manager, does not check the length of the incoming parameters. Remote attackers can lure users to visit malicious websites, and transmit data exceeding 3000 bytes to McSubMgr.dll in web scripts, resulting in stack overflow. to execute arbitrary commands. Link: http://www.securityfocus.com/archive/1/442495/30/0/threaded. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. \n\nThe vulnerability is caused due to an unspecified error and allows\nexecution of arbitrary code. No more information is currently\navailable. \n\nSOLUTION:\nSufficient information about the vulnerability is not available to\nsuggest a proper workaround. \n\nPROVIDED AND/OR DISCOVERED BY:\neEye Digital Security\n\nORIGINAL ADVISORY:\neEye Digital Security:\nhttp://www.eeye.com/html/research/upcoming/20060719.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "BID",
        "id": "19265"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "db": "PACKETSTORM",
        "id": "48724"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-20069",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#481212",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "19265",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "21264",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1016614",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "27698",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3096",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060807 [EEYEB-20060719] MCAFEE SUBSCRIPTION MANAGER STACK BUFFER OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "82987",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71024",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16510",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-20069",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48724",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "db": "BID",
        "id": "19265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "PACKETSTORM",
        "id": "48724"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "id": "VAR-200608-0456",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:54:07.620000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://service.mcafee.com/default.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
      },
      {
        "trust": 2.5,
        "url": "http://www.eeye.com/html/research/advisories/ad2006807.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/481212"
      },
      {
        "trust": 2.1,
        "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19265"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/27698"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016614"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/21264"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3096"
      },
      {
        "trust": 0.8,
        "url": "http://us.mcafee.com/root/product.asp?productid=msc"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/19265 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016614 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/21264 "
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3961"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3961"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3096"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/442495/100/100/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.mcafee.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/442495"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21264/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6481/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9052/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11210/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11211/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6439/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/267/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/7790/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "db": "BID",
        "id": "19265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "PACKETSTORM",
        "id": "48724"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "db": "BID",
        "id": "19265"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "db": "PACKETSTORM",
        "id": "48724"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-08-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "date": "2006-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "date": "2006-08-01T00:00:00",
        "db": "BID",
        "id": "19265"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "date": "2006-08-02T08:14:26",
        "db": "PACKETSTORM",
        "id": "48724"
      },
      {
        "date": "2006-08-01T21:04:00",
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "date": "2006-08-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-03T00:00:00",
        "db": "CERT/CC",
        "id": "VU#481212"
      },
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-20069"
      },
      {
        "date": "2007-07-03T19:18:00",
        "db": "BID",
        "id": "19265"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-001904"
      },
      {
        "date": "2018-10-17T21:32:33.143000",
        "db": "NVD",
        "id": "CVE-2006-3961"
      },
      {
        "date": "2006-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "McAfee Subscription Manager ActiveX control vulnerable to stack buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#481212"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200608-011"
      }
    ],
    "trust": 0.6
  }
}

GHSA-X3J8-8PM3-5GWM

Vulnerability from github – Published: 2022-05-01 07:14 – Updated: 2022-05-01 07:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3961"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-01T21:04:00Z",
    "severity": "MODERATE"
  },
  "details": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.",
  "id": "GHSA-x3j8-8pm3-5gwm",
  "modified": "2022-05-01T07:14:09Z",
  "published": "2022-05-01T07:14:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3961"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21264"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016614"
    },
    {
      "type": "WEB",
      "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
    },
    {
      "type": "WEB",
      "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
    },
    {
      "type": "WEB",
      "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/481212"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/27698"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19265"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3096"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-3961

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3961

Aliases

CVE-2006-3961

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3961",
    "description": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.",
    "id": "GSD-2006-3961",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-3961"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3961"
      ],
      "details": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.",
      "id": "GSD-2006-3961",
      "modified": "2023-12-13T01:19:57.862133Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3961",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "19265",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19265"
          },
          {
            "name": "http://www.eeye.com/html/research/upcoming/20060719.html",
            "refsource": "MISC",
            "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
          },
          {
            "name": "1016614",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016614"
          },
          {
            "name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
          },
          {
            "name": "27698",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/27698"
          },
          {
            "name": "ADV-2006-3096",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3096"
          },
          {
            "name": "http://www.eeye.com/html/research/advisories/AD2006807.html",
            "refsource": "MISC",
            "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
          },
          {
            "name": "http://ts.mcafeehelp.com/faq3.asp?docid=407052",
            "refsource": "CONFIRM",
            "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
          },
          {
            "name": "21264",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21264"
          },
          {
            "name": "VU#481212",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/481212"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3961"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.eeye.com/html/research/upcoming/20060719.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
            },
            {
              "name": "19265",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/19265"
            },
            {
              "name": "21264",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21264"
            },
            {
              "name": "http://ts.mcafeehelp.com/faq3.asp?docid=407052",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
            },
            {
              "name": "1016614",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016614"
            },
            {
              "name": "http://www.eeye.com/html/research/advisories/AD2006807.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
            },
            {
              "name": "VU#481212",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/481212"
            },
            {
              "name": "27698",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/27698"
            },
            {
              "name": "ADV-2006-3096",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3096"
            },
            {
              "name": "20060807 [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-17T21:32Z",
      "publishedDate": "2006-08-01T21:04Z"
    }
  }
}

FKIE_CVE-2006-3961

Vulnerability from fkie_nvd - Published: 2006-08-01 21:04 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/21264	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016614
cve@mitre.org	http://ts.mcafeehelp.com/faq3.asp?docid=407052
cve@mitre.org	http://www.eeye.com/html/research/advisories/AD2006807.html
cve@mitre.org	http://www.eeye.com/html/research/upcoming/20060719.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/481212	US Government Resource
cve@mitre.org	http://www.osvdb.org/27698
cve@mitre.org	http://www.securityfocus.com/archive/1/442495/100/100/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19265	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3096	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21264	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016614
af854a3a-2127-422b-91ae-364da2661108	http://ts.mcafeehelp.com/faq3.asp?docid=407052
af854a3a-2127-422b-91ae-364da2661108	http://www.eeye.com/html/research/advisories/AD2006807.html
af854a3a-2127-422b-91ae-364da2661108	http://www.eeye.com/html/research/upcoming/20060719.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/481212	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/27698
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/442495/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19265	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3096	Vendor Advisory

Impacted products

Vendor	Product	Version
mcafee	antispyware	2005
mcafee	antispyware	2006
mcafee	internet_security_suite	2004
mcafee	internet_security_suite	2005
mcafee	internet_security_suite	2006
mcafee	personal_firewall_plus	2004
mcafee	personal_firewall_plus	2005
mcafee	personal_firewall_plus	2006
mcafee	privacy_service	2004
mcafee	privacy_service	2005
mcafee	privacy_service	2006
mcafee	quickclean	2004
mcafee	quickclean	2005
mcafee	quickclean	2006
mcafee	security_center	4.3
mcafee	security_center	6.0
mcafee	security_center	6.0.22
mcafee	security_center	6.0.23
mcafee	spamkiller	5.0
mcafee	spamkiller	6.0
mcafee	spamkiller	7.0
mcafee	virusscan	2004
mcafee	virusscan	2005
mcafee	virusscan	2006
mcafee	wireless_home_network_security	2006

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "B862ADF2-A544-4729-9EE4-D140C58D6AEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "5350EE37-53D7-4DFB-84FC-0FA6A7C1C123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB0A7659-25FF-4E18-B2BA-34F6FD6410F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C22BB62-9790-4D89-B1B4-D5E0F4FFB3C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E69BB96-F48B-43DA-BA7B-530E5148CCC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F3E0836-557F-46C8-BBDE-955D3AEBB6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F62AF06-16DD-4C6C-BD48-BFA08629739C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "134C4C4F-92A0-4B89-B06A-4FB8D9513AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F945365-B065-44A6-8CEC-2CBCE4DD23C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB1AC389-8BBF-4784-ABCD-99E379AC6B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E03296D-5FC1-450D-BC05-6F6E9A90CF77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "931427A2-B69B-4418-8374-854A5F9420DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19A9E38-E637-487A-BC06-F0CA6481E7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE3B1863-DBB3-4458-899B-CEEAD9275B17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD547C9C-9D50-49ED-8EFE-1DD7484DDED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "210F5447-4FC7-4278-9F2A-C64BBB5A86DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BECBD40D-ACBD-4E88-B230-ECFE98FD9F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82098C7-30FE-464E-891F-868A0209D9DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0652B16C-7D9A-4743-AB54-6F205CA1E76D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBC8F91-2534-4DAC-BDE3-AE49E19A6A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B33F2AC-4BBE-4DE0-A61E-378972011BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9B7B07-E3EF-4185-927C-CE308829B9A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "F58D6A2F-AC08-4C1D-9ABF-4D675A1E87AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E96246D-3184-4BBB-8675-9B1CBE0B977C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B3DC47F-853B-44B0-BD8B-C2EE4530B333",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n a trav\u00e9s de par\u00e1ametros string, los cuales son posteriormente usados en vsprintf."
    }
  ],
  "id": "CVE-2006-3961",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-08-01T21:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016614"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/481212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27698"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19265"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ts.mcafeehelp.com/faq3.asp?docid=407052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.eeye.com/html/research/advisories/AD2006807.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.eeye.com/html/research/upcoming/20060719.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/481212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/442495/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3096"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3961 (GCVE-0-2006-3961)

VAR-200608-0456

GHSA-X3J8-8PM3-5GWM

GSD-2006-3961

FKIE_CVE-2006-3961

Tags

Sightings

Nomenclature