CVE-2006-3893

{"id": "CVE-2006-3893", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-12-04T11:28:00.000", "references": [{"url": "http://secunia.com/advisories/23286", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/210697", "tags": ["Patch", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/21375", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4794", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4795", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30680", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/23286", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/210697", "tags": ["Patch", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21375", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4794", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/4795", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30680", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document."}, {"lang": "es", "value": "M\u00faltiple desbordamiento de b\u00fafer en el control ActiveX de Newtone ImageKit 5 anterior al Fix 30 y 6 anterior al Fix 40, tal y como se usa en el software CASIO Photo Loader anterior a 3.01 y posiblemente otro software, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un documento HTML manipulado."}], "lastModified": "2024-11-21T00:14:39.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:casio:photo_loader:3.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C8D4B2-B6CB-4F8B-A6C1-47FE257F423B"}, {"criteria": "cpe:2.3:a:newtone:imagekit:5_fix_29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8CECD5A-4EAA-4B18-A767-9A9B8F1F6776"}, {"criteria": "cpe:2.3:a:newtone:imagekit:6_fix_40:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8012A2A5-295D-4D4A-AA09-D9603BAED474"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org", "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nNewtone, ImageKit, 5 Fix 30 \r\nNewtone, ImageKit, 6 Fix 41\r\nCasio, Photo Loader, 3.01"}