6.2

CVE-2006-4801

Exploit
Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RoxioToast Version7 Editiontitanium
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.277
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://secunia.com/advisories/21867
Vendor Advisory
http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt
Vendor Advisory
Exploit
http://www.securityfocus.com/bid/19955
http://www.vupen.com/english/advisories/2006/3608