Lucene search

[email protected]CVE-2006-2511

HistoryMay 22, 2006 - 7:02 p.m.

CVE-2006-2511

2006-05-2219:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2511

frontrange iheat

activex

remote access

arbitrary programs

file upload

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the “Open With…” dialog.

Affected configurations

NVD

Node

frontrangeiheat

CPENameOperatorVersion
frontrange:iheatfrontrange iheateq*

CPE	Name	Operator	Version
frontrange:iheat	frontrange iheat	eq	*

References

secunia.com/advisories/20165

securitytracker.com/id?1016124

www.securityfocus.com/archive/1/434400/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/26711

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.4 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2006-2511

cvelist1 nvd1 prion1