CVE-2006-3961

EPSS 70.79%
Published 01.08.2006 21:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Mcafee ≫ Antispyware Version2005

Mcafee ≫ Antispyware Version2006

Mcafee ≫ Internet Security Suite Version2004

Mcafee ≫ Internet Security Suite Version2005

Mcafee ≫ Internet Security Suite Version2006

Mcafee ≫ Personal Firewall Plus Version2004

Mcafee ≫ Personal Firewall Plus Version2005

Mcafee ≫ Personal Firewall Plus Version2006

Mcafee ≫ Privacy Service Version2004

Mcafee ≫ Privacy Service Version2005

Mcafee ≫ Privacy Service Version2006

Mcafee ≫ Quickclean Version2004

Mcafee ≫ Quickclean Version2005

Mcafee ≫ Quickclean Version2006

Mcafee ≫ Security Center Version4.3

Mcafee ≫ Security Center Version6.0

Mcafee ≫ Security Center Version6.0.22

Mcafee ≫ Security Center Version6.0.23

Mcafee ≫ Spamkiller Version5.0

Mcafee ≫ Spamkiller Version6.0

Mcafee ≫ Spamkiller Version7.0

Mcafee ≫ Virusscan Version2004

Mcafee ≫ Virusscan Version2005

Mcafee ≫ Virusscan Version2006

Mcafee ≫ Wireless Home Network Security Version2006

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	70.79%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/21264

Patch

Vendor Advisory

http://securitytracker.com/id?1016614

http://ts.mcafeehelp.com/faq3.asp?docid=407052

http://www.eeye.com/html/research/advisories/AD2006807.html

http://www.eeye.com/html/research/upcoming/20060719.html

http://www.kb.cert.org/vuls/id/481212

US Government Resource

http://www.osvdb.org/27698

http://www.securityfocus.com/archive/1/442495/100/100/threaded

http://www.securityfocus.com/bid/19265