Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-06-014
HistoryMay 10, 2006 - 12:00 a.m.

Verisign I-Nav ActiveX Control Code Execution Vulnerability

2006-05-1000:00:00
Anonymous
www.zerodayinitiative.com
15

EPSS

0.043

Percentile

92.3%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Verisign i-Nav ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the “VUpdater.Install” ActiveX control which is used to provide native support for Internationalized Domain Names (IDNs) in Microsoft Internet Explorer, Microsoft Outlook and Microsoft Outlook Express. Due to the lack of verification on Microsoft Cabinet (.CAB) files from the “InstallProduct” routine, an attacker can specify an arbitrary executable to run under the context of the current user.

References

Related

nessus 1
cve 1
securityvulns 1
nvd 1
prion 1
cvelist 1
nessus
nessus
I-Nav VUpdater.Install ActiveX Buffer Overflow
2006-05-11 00:00:00
cve
cve
CVE-2006-2273
2006-05-12 00:02:00
securityvulns
securityvulns
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
2006-05-11 00:00:00
nvd
nvd
CVE-2006-2273
2006-05-12 00:02:00
prion
prion
Design/Logic Flaw
2006-05-12 00:02:00
cvelist
cvelist
CVE-2006-2273
2006-05-12 00:00:00

EPSS

0.043

Percentile

92.3%

JSON
Related for ZDI-06-014
nessus1cve1securityvulns1nvd1prion1cvelist1