CVE-2006-3973

My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/21142	Vendor Advisory
http://secunia.com/secunia_research/2006-59/advisory	Vendor Advisory
http://securitytracker.com/id?1017267
http://www.securityfocus.com/archive/1/452233/100/0/threaded
http://www.securityfocus.com/bid/21228
http://www.vupen.com/english/advisories/2006/4635
https://exchange.xforce.ibmcloud.com/vulnerabilities/30476

Configurations

Configuration 1 (hide)

cpe:2.3:h:my_firewall_plus:my_firewall_plus:5.0_build_1119:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-11-22 11:07

Updated : 2024-02-04 17:13

NVD link : CVE-2006-3973

Mitre link : CVE-2006-3973

CVE.ORG link : CVE-2006-3973

JSON object : View

Products Affected

my_firewall_plus

my_firewall_plus

CWE

NVD-CWE-Other

{"id": "CVE-2006-3973", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-11-22T11:07:00.000", "references": [{"url": "http://secunia.com/advisories/21142", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2006-59/advisory", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://securitytracker.com/id?1017267", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/452233/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/21228", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2006/4635", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30476", "source": "PSIRT-CNA@flexerasoftware.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the \"Test Your Firewall\" feature, which allows local users to gain SYSTEM privileges."}, {"lang": "es", "value": "My Firewall Plus 5.0 Build 1119 no verifica si explorer.exe se est\u00e1 ejecutando antes de lanzar iexplore.exe desde la caracter\u00edstica \"Prueba tu Cortafuegos\", lo cual permite a usuarios locales obtener privilegios del sistema (SYSTEM)."}], "lastModified": "2018-10-17T21:32:34.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:my_firewall_plus:my_firewall_plus:5.0_build_1119:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF21CD6B-F276-46CA-9FA8-E07277EF710B"}], "operator": "OR"}]}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}