4.6

CVE-2006-5968

EPSS 0.09%
Published 17.11.2006 22:07:00
Last modified 09.04.2025 00:30:58
Source PSIRT-CNA@flexerasoftware.com
Teams watchlist Login
Open Login

MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, installs the MDaemon application folder with insecure permissions (Users create files/directories), which allows local users to execute arbitrary code by creating malicious RASAPI32.DLL or MPRAPI.DLL libraries in the MDaemon\APP folder, which is an untrusted search path element due to insecure permissions.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Alt-n ≫ Mdaemon Version9.0.5

Alt-n ≫ Mdaemon Version9.0.6

Alt-n ≫ Mdaemon Version9.51

Alt-n ≫ Mdaemon Version9.53

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.259

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://secunia.com/advisories/21554

http://secunia.com/secunia_research/2006-67/advisory/

Vendor Advisory

http://securityreason.com/securityalert/1890

http://securitytracker.com/id?1017238

http://www.securityfocus.com/archive/1/451821/100/100/threaded

http://www.vupen.com/english/advisories/2006/4538

https://exchange.xforce.ibmcloud.com/vulnerabilities/30331

https://nvd.nist.gov/vuln/detail/CVE-2006-5968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5968

EUVD