CVE-2006-6442
8.3 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.114 Low
EPSS
Percentile
95.1%
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.
References
attrition.org/pipermail/vim/2006-December/001173.html
lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html
secunia.com/advisories/23043
secunia.com/secunia_research/2006-69/advisory/
securitytracker.com/id?1017357
www.securityfocus.com/archive/1/454105/100/0/threaded
www.securityfocus.com/bid/21488
www.vupen.com/english/advisories/2006/4904
exchange.xforce.ibmcloud.com/vulnerabilities/30790
Related
8.3 High
AI Score
Confidence
Low
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.114 Low
EPSS
Percentile
95.1%