CVE-2006-5571

Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=full-disclosure&m=116167230400165&w=2
http://secunia.com/advisories/22139	Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/1790
http://securitytracker.com/alerts/2006/Oct/1017110.html	Exploit Patch
http://vuln.sg/cruiseworks109d-en.html	Exploit Patch
http://www.securityfocus.com/archive/1/449572/100/0/threaded
http://www.securityfocus.com/bid/20699	Exploit Patch
http://www.vupen.com/english/advisories/2006/4158
https://exchange.xforce.ibmcloud.com/vulnerabilities/29763
http://marc.info/?l=full-disclosure&m=116167230400165&w=2
http://secunia.com/advisories/22139	Exploit Patch Vendor Advisory
http://securityreason.com/securityalert/1790
http://securitytracker.com/alerts/2006/Oct/1017110.html	Exploit Patch
http://vuln.sg/cruiseworks109d-en.html	Exploit Patch
http://www.securityfocus.com/archive/1/449572/100/0/threaded
http://www.securityfocus.com/bid/20699	Exploit Patch
http://www.vupen.com/english/advisories/2006/4158
https://exchange.xforce.ibmcloud.com/vulnerabilities/29763

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kynoslogic:cruiseworks:1.09c:::::::*
	cpe:2.3:a:kynoslogic:cruiseworks:1.09d:::::::*

History

21 Nov 2024, 00:19

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=full-disclosure&m=116167230400165&w=2 -~~	() http://marc.info/?l=full-disclosure&m=116167230400165&w=2 -
References	~~() http://secunia.com/advisories/22139 - Exploit, Patch, Vendor Advisory~~	() http://secunia.com/advisories/22139 - Exploit, Patch, Vendor Advisory
References	~~() http://securityreason.com/securityalert/1790 -~~	() http://securityreason.com/securityalert/1790 -
References	~~() http://securitytracker.com/alerts/2006/Oct/1017110.html - Exploit, Patch~~	() http://securitytracker.com/alerts/2006/Oct/1017110.html - Exploit, Patch
References	~~() http://vuln.sg/cruiseworks109d-en.html - Exploit, Patch~~	() http://vuln.sg/cruiseworks109d-en.html - Exploit, Patch
References	~~() http://www.securityfocus.com/archive/1/449572/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/449572/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/20699 - Exploit, Patch~~	() http://www.securityfocus.com/bid/20699 - Exploit, Patch
References	~~() http://www.vupen.com/english/advisories/2006/4158 -~~	() http://www.vupen.com/english/advisories/2006/4158 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/29763 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/29763 -

Information

Published : 2006-10-27 16:07

Updated : 2025-04-09 00:30

NVD link : CVE-2006-5571

Mitre link : CVE-2006-5571

CVE.ORG link : CVE-2006-5571

JSON object : View

Products Affected

kynoslogic

cruiseworks

CWE

NVD-CWE-Other

7.5 /10