Vulnerability CVE-2006-3961
Published: 2006-08-01   Modified: 2012-02-12

Description:
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

Type:

CWE-119

 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Mcafee -> Antispyware 
Mcafee -> Internet security suite 
Mcafee -> Personal firewall plus 
Mcafee -> Privacy service 
Mcafee -> Quickclean 
Mcafee -> Security center 
Mcafee -> Spamkiller 
Mcafee -> Virusscan 
Mcafee -> Wireless home network security 

 References:
http://securitytracker.com/id?1016614
http://ts.mcafeehelp.com/faq3.asp?docid=407052
http://www.eeye.com/html/research/advisories/AD2006807.html
http://www.eeye.com/html/research/upcoming/20060719.html
http://www.kb.cert.org/vuls/id/481212
http://www.securityfocus.com/archive/1/442495/100/100/threaded
http://www.securityfocus.com/bid/19265
http://www.vupen.com/english/advisories/2006/3096
Copyright 2024, cxsecurity.com

 

Back to Top