Lucene search

[email protected]CVE-2006-5176

HistoryOct 10, 2006 - 4:06 a.m.

CVE-2006-5176

2006-10-1004:06:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2006-5176

buffer overflow

ntlm authentication

mailenable professional

mailenable enterprise

remote code execution

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.131 Low

EPSS

Percentile

95.6%

JSON

Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via “the signature field of NTLM Type 1 messages”.

Affected configurations

NVD

Node

mailenablemailenable_enterpriseMatch2.0

mailenablemailenable_professionalMatch2.0

CPENameOperatorVersion
mailenable:mailenable_enterprisemailenable mailenable enterpriseeq2.0
mailenable:mailenable_professionalmailenable mailenable professionaleq2.0

CPE	Name	Operator	Version
mailenable:mailenable_enterprise	mailenable mailenable enterprise	eq	2.0
mailenable:mailenable_professional	mailenable mailenable professional	eq	2.0

References

labs.musecurity.com/advisories/MU-200609-01.txt

secunia.com/advisories/22179

www.mailenable.com/hotfix/

www.securityfocus.com/bid/20290

www.vupen.com/english/advisories/2006/3862

exchange.xforce.ibmcloud.com/vulnerabilities/29284

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.131 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2006-5176

nvd1 cvelist1 nessus1