Lucene search

[email protected]CVE-2006-5658

HistoryNov 03, 2006 - 12:07 a.m.

CVE-2006-5658

2006-11-0300:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5658

bloomooweb

activex

aidematl.dll

remote attackers

file download

execution

deletion

nvd

vulnerability

7.9 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.9%

JSON

BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method.

CPENameOperatorVersion
studio_achtundachtzig:bloomooweb_activex_controlstudio achtundachtzig bloomooweb activex controleq1.0.9

CPE	Name	Operator	Version
studio_achtundachtzig:bloomooweb_activex_control	studio achtundachtzig bloomooweb activex control	eq	1.0.9

References

secunia.com/advisories/22666

securityreason.com/securityalert/1808

www.securityfocus.com/archive/1/450144/100/0/threaded

www.securityfocus.com/bid/20827

www.vupen.com/english/advisories/2006/4294

exchange.xforce.ibmcloud.com/vulnerabilities/29968

exchange.xforce.ibmcloud.com/vulnerabilities/29997

7.9 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

89.9%

JSON