CVE-2006-6442

{"id": "CVE-2006-6442", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-12-10T11:28:00.000", "references": [{"url": "http://attrition.org/pipermail/vim/2006-December/001173.html", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23043", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/secunia_research/2006-69/advisory/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1017357", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/454105/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21488", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4904", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30790", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n SetClientInfo en el control ActiveX CDDBControlAOL.CDDBAOLControl (cddbcontrol.dll), tal y como se usa en America Online (AOL) 7.0 4114.563, 8.0 4129.230, y 9.0 Security Edition 4156.910, y posiblemente otros productos, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento ClientId largo."}], "lastModified": "2018-10-17T21:48:12.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aol:aol_client_software:7.0_4114.563:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3354E8D0-4213-498B-B3E0-E14B31FED38D"}, {"criteria": "cpe:2.3:a:aol:aol_client_software:8.0_4129.230:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "706A4AB8-B222-44AF-912C-34EA514B83F0"}, {"criteria": "cpe:2.3:a:aol:aol_client_software:9.0:*:security_4156.910:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77C48560-275A-42CE-A55D-2ED7C88ABC06"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}