CVE-2006-3961

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/21264	Patch Vendor Advisory
http://securitytracker.com/id?1016614
http://ts.mcafeehelp.com/faq3.asp?docid=407052
http://www.eeye.com/html/research/advisories/AD2006807.html
http://www.eeye.com/html/research/upcoming/20060719.html
http://www.kb.cert.org/vuls/id/481212	US Government Resource
http://www.osvdb.org/27698
http://www.securityfocus.com/archive/1/442495/100/100/threaded
http://www.securityfocus.com/bid/19265	Patch
http://www.vupen.com/english/advisories/2006/3096	Vendor Advisory
http://secunia.com/advisories/21264	Patch Vendor Advisory
http://securitytracker.com/id?1016614
http://ts.mcafeehelp.com/faq3.asp?docid=407052
http://www.eeye.com/html/research/advisories/AD2006807.html
http://www.eeye.com/html/research/upcoming/20060719.html
http://www.kb.cert.org/vuls/id/481212	US Government Resource
http://www.osvdb.org/27698
http://www.securityfocus.com/archive/1/442495/100/100/threaded
http://www.securityfocus.com/bid/19265	Patch
http://www.vupen.com/english/advisories/2006/3096	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mcafee:antispyware:2005:::::::*
	cpe:2.3:a:mcafee:antispyware:2006:::::::*
	cpe:2.3:a:mcafee:internet_security_suite:2004:::::::*
	cpe:2.3:a:mcafee:internet_security_suite:2005:::::::*
	cpe:2.3:a:mcafee:internet_security_suite:2006:::::::*
	cpe:2.3:a:mcafee:personal_firewall_plus:2004:::::::*
	cpe:2.3:a:mcafee:personal_firewall_plus:2005:::::::*
	cpe:2.3:a:mcafee:personal_firewall_plus:2006:::::::*
	cpe:2.3:a:mcafee:privacy_service:2004:::::::*
	cpe:2.3:a:mcafee:privacy_service:2005:::::::*
	cpe:2.3:a:mcafee:privacy_service:2006:::::::*
	cpe:2.3:a:mcafee:quickclean:2004:::::::*
	cpe:2.3:a:mcafee:quickclean:2005:::::::*
	cpe:2.3:a:mcafee:quickclean:2006:::::::*
	cpe:2.3:a:mcafee:security_center:4.3:::::::*
	cpe:2.3:a:mcafee:security_center:6.0:::::::*
	cpe:2.3:a:mcafee:security_center:6.0.22:::::::*
	cpe:2.3:a:mcafee:security_center:6.0.23:::::::*
	cpe:2.3:a:mcafee:spamkiller:5.0:::::::*
	cpe:2.3:a:mcafee:spamkiller:6.0:::::::*
	cpe:2.3:a:mcafee:spamkiller:7.0:::::::*
	cpe:2.3:a:mcafee:virusscan:2004:::::::*
	cpe:2.3:a:mcafee:virusscan:2005:::::::*
	cpe:2.3:a:mcafee:virusscan:2006:::::::*
	cpe:2.3:a:mcafee:wireless_home_network_security:2006:::::::*

History

21 Nov 2024, 00:14

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/21264 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/21264 - Patch, Vendor Advisory
References	~~() http://securitytracker.com/id?1016614 -~~	() http://securitytracker.com/id?1016614 -
References	~~() http://ts.mcafeehelp.com/faq3.asp?docid=407052 -~~	() http://ts.mcafeehelp.com/faq3.asp?docid=407052 -
References	~~() http://www.eeye.com/html/research/advisories/AD2006807.html -~~	() http://www.eeye.com/html/research/advisories/AD2006807.html -
References	~~() http://www.eeye.com/html/research/upcoming/20060719.html -~~	() http://www.eeye.com/html/research/upcoming/20060719.html -
References	~~() http://www.kb.cert.org/vuls/id/481212 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/481212 - US Government Resource
References	~~() http://www.osvdb.org/27698 -~~	() http://www.osvdb.org/27698 -
References	~~() http://www.securityfocus.com/archive/1/442495/100/100/threaded -~~	() http://www.securityfocus.com/archive/1/442495/100/100/threaded -
References	~~() http://www.securityfocus.com/bid/19265 - Patch~~	() http://www.securityfocus.com/bid/19265 - Patch
References	~~() http://www.vupen.com/english/advisories/2006/3096 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/3096 - Vendor Advisory

Information

Published : 2006-08-01 21:04

Updated : 2024-11-21 00:14

NVD link : CVE-2006-3961

Mitre link : CVE-2006-3961

CVE.ORG link : CVE-2006-3961

JSON object : View

Products Affected

mcafee

privacy_service
personal_firewall_plus
quickclean
wireless_home_network_security
security_center
virusscan
antispyware
spamkiller
internet_security_suite

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.8 /10