CVE-2006-0812

The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/secunia_research/2005-65/advisory/	Vendor Advisory
http://secunia.com/advisories/16583	Patch Vendor Advisory
http://www.securityfocus.com/bid/16788
http://securitytracker.com/id?1015670
http://www.vupen.com/english/advisories/2006/0701
https://exchange.xforce.ibmcloud.com/vulnerabilities/24928
http://www.securityfocus.com/archive/1/425890/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:visnetic:visnetic_antivirus_plug-in_for_mail_server:4.6.0.4:::::::*
	cpe:2.3:a:visnetic:visnetic_antivirus_plug-in_for_mail_server:4.6.1.1:::::::*

Information

Published : 2006-02-23 12:02

Updated : 2018-10-18 09:29

NVD link : CVE-2006-0812

Mitre link : CVE-2006-0812

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

visnetic

visnetic_antivirus_plug-in_for_mail_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2005-65/advisory/", "name": "http://secunia.com/secunia_research/2005-65/advisory/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/16583", "name": "16583", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/16788", "name": "16788", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015670", "name": "1015670", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2006/0701", "name": "ADV-2006-0701", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24928", "name": "visnetic-av-plugin-privilege-elevation(24928)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/425890/100/0/threaded", "name": "20060223 Secunia Research: Visnetic AntiVirus Plug-in for MailServerPrivilege Escalation", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0812", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-02-23T20:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:visnetic:visnetic_antivirus_plug-in_for_mail_server:4.6.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:visnetic:visnetic_antivirus_plug-in_for_mail_server:4.6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:29Z"}