CVE-2006-5967

Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-64/advisory/	Patch Vendor Advisory
http://secunia.com/advisories/21763
http://www.securityfocus.com/bid/21132
http://www.vupen.com/english/advisories/2006/4536
https://exchange.xforce.ibmcloud.com/vulnerabilities/30319
http://www.securityfocus.com/archive/1/451864/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:panda:activescan:5.0:::::::*
	cpe:2.3:a:panda:activescan:5.53.00:::::::*

Information

Published : 2006-11-17 14:07

Updated : 2018-10-17 14:46

NVD link : CVE-2006-5967

Mitre link : CVE-2006-5967

JSON object : View

CWE

NVD-CWE-Other

Products Affected

panda

activescan

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-64/advisory/", "name": "http://secunia.com/secunia_research/2006-64/advisory/", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/21763", "name": "21763", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/21132", "name": "21132", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/4536", "name": "ADV-2006-4536", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30319", "name": "pandaactivescan-activescan-code-execution(30319)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/451864/100/0/threaded", "name": "20061116 Secunia Research: Panda ActiveScan Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Race condition in Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to cause memory corruption and execute arbitrary code via unknown vectors related to multiple invocations of the Analizar method in the ActiveScan.1 ActiveX control, which is not thread safe."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-5967", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-17T22:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:panda:activescan:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:panda:activescan:5.53.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:46Z"}

5.1 /10