CVE-2006-3961

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3961
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/21264 Patch Vendor Advisory
http://securitytracker.com/id?1016614
http://ts.mcafeehelp.com/faq3.asp?docid=407052
http://www.eeye.com/html/research/advisories/AD2006807.html
http://www.eeye.com/html/research/upcoming/20060719.html
http://www.kb.cert.org/vuls/id/481212 US Government Resource
http://www.osvdb.org/27698
http://www.securityfocus.com/archive/1/442495/100/100/threaded
http://www.securityfocus.com/bid/19265 Patch
http://www.vupen.com/english/advisories/2006/3096 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:antispyware:2005:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:antispyware:2006:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:internet_security_suite:2004:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:internet_security_suite:2005:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:internet_security_suite:2006:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:personal_firewall_plus:2004:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:personal_firewall_plus:2005:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:personal_firewall_plus:2006:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:privacy_service:2004:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:privacy_service:2005:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:privacy_service:2006:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:quickclean:2004:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:quickclean:2005:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:quickclean:2006:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:security_center:4.3:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:security_center:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:security_center:6.0.22:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:security_center:6.0.23:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:spamkiller:5.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:spamkiller:6.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:spamkiller:7.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan:2004:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan:2005:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:virusscan:2006:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:wireless_home_network_security:2006:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-08-01 21:04

Updated : 2023-12-10 10:28

NVD link : CVE-2006-3961

Mitre link : CVE-2006-3961

CVE.ORG link : CVE-2006-3961

JSON object : View

Products Affected

mcafee

  • wireless_home_network_security
  • security_center
  • personal_firewall_plus
  • internet_security_suite
  • virusscan
  • antispyware
  • privacy_service
  • quickclean
  • spamkiller
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer