Lucene search

[email protected]CVE-2006-3134

HistoryJun 27, 2006 - 5:05 p.m.

CVE-2006-3134

2006-06-2717:05:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3134

buffer overflow

gracenote

cddbcontrol

activex control

remote code execution

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.533 Medium

EPSS

Percentile

97.6%

JSON

Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.

CPENameOperatorVersion
gracenote:cddbcontrol_activex_controlgracenote cddbcontrol activex controleq*

CPE	Name	Operator	Version
gracenote:cddbcontrol_activex_control	gracenote cddbcontrol activex control	eq	*

References

europe.nokia.com/nokia/0%2C%2C93034%2C00.html

lists.grok.org.uk/pipermail/full-disclosure/2006-June/047420.html

secunia.com/advisories/20861

secunia.com/advisories/20862

securitytracker.com/id?1016389

www.gracenote.com/sec062706/SonySecurityNotification.html

www.kb.cert.org/vuls/id/701121

www.osvdb.org/26874

www.securityfocus.com/bid/18678

www.vupen.com/english/advisories/2006/2562

www.vupen.com/english/advisories/2006/2563

www.zerodayinitiative.com/advisories/ZDI-06-019.html

exchange.xforce.ibmcloud.com/vulnerabilities/27416

7.9 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.533 Medium

EPSS

Percentile

97.6%

JSON

Related for CVE-2006-3134

checkpoint_advisories2 zdi1 cert1 nessus1