Lucene search

[email protected]CVE-2006-3423

HistoryJul 07, 2006 - 12:05 a.m.

CVE-2006-3423

2006-07-0700:05:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2006-3423

webex downloader

activex control

java

security vulnerability

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.285 Low

EPSS

Percentile

96.8%

JSON

WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.

CPENameOperatorVersion
webex_communications:downloader_activexcontrolwebex communications downloader activexcontroleq2.0.0.7
webex_communications:downloader_javawebex communications downloader javaeq2.0.0.9

CPE	Name	Operator	Version
webex_communications:downloader_activexcontrol	webex communications downloader activexcontrol	eq	2.0.0.7
webex_communications:downloader_java	webex communications downloader java	eq	2.0.0.9

References

secunia.com/advisories/20956

securitytracker.com/id?1016446

www.osvdb.org/27039

www.osvdb.org/27040

www.securityfocus.com/archive/1/439496/100/0/threaded

www.securityfocus.com/bid/18860

www.vupen.com/english/advisories/2006/2688

www.webex.com/lp/security/ActiveAdv.html?TrackID=123456

www.zerodayinitiative.com/advisories/ZDI-06-021.html

xforce.iss.net/xforce/alerts/id/226

exchange.xforce.ibmcloud.com/vulnerabilities/24370

7.7 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.285 Low

EPSS

Percentile

96.8%

JSON

Related for CVE-2006-3423

seebug1 securityvulns1 zdi1 nessus1