5
CVE-2006-2058
- EPSS 1.82%
- Veröffentlicht 26.04.2006 20:06:00
- Zuletzt bearbeitet 16.06.2026 22:24:15
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginArgument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Avantbrowser ≫ Avant Browser Version10.1 Updatebuild_17
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.82% | 0.76 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
http://ingehenriksen.blogspot.com/2006/04/office-2003-file-attachment-exploit.html
http://www.securityfocus.com/archive/1/432009/100/0/threaded
http://www.vupen.com/english/advisories/2006/1538
https://exchange.xforce.ibmcloud.com/vulnerabilities/26118
http://securityreason.com/securityalert/785