9.3
CVE-2006-3423
- EPSS 8.56%
- Veröffentlicht 07.07.2006 00:05:00
- Zuletzt bearbeitet 16.06.2026 22:27:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginWebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Webex Communications ≫ Downloader Activexcontrol Version2.0.0.7
Webex Communications ≫ Downloader Java Version2.0.0.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.56% | 0.944 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/20956
http://securitytracker.com/id?1016446
http://www.osvdb.org/27039
http://www.osvdb.org/27040
http://www.securityfocus.com/archive/1/439496/100/0/threaded
http://www.securityfocus.com/bid/18860
http://www.vupen.com/english/advisories/2006/2688
http://www.webex.com/lp/security/ActiveAdv.html?TrackID=123456
http://www.zerodayinitiative.com/advisories/ZDI-06-021.html
http://xforce.iss.net/xforce/alerts/id/226
https://exchange.xforce.ibmcloud.com/vulnerabilities/24370