Vulnerability CVE-2006-4659


Published: 2006-09-08   Modified: 2012-02-12

Description:
The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.

See advisories in our WLB2 database:
Topic
Author
Date
High
Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities
3APA3A (3APA3A S...
12.09.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Panda -> Panda platinum internet security 

 References:
http://securityreason.com/securityalert/1524
http://www.security.nnov.ru/advisories/pandais.asp
http://www.securityfocus.com/archive/1/445479/100/0/threaded
http://www.securityfocus.com/bid/19891

Copyright 2024, cxsecurity.com

 

Back to Top