Buffer Overflow in McAfee Security Center ActiveX Control
CVE-2006-3961

Currently unrated

Key Information:

Vendor
Mcafee
Status
Privacy Service
Spamkiller
Internet Security Suite
Virusscan
Vendor
CVE Published:
1 August 2006

Summary

A buffer overflow vulnerability exists in the McSubMgr ActiveX control (mcsubmgr.dll) of McAfee Security Center 6.0.23. This flaw enables remote, user-assisted attackers to execute arbitrary commands by sending specially crafted long string parameters that are subsequently handled by the vsprintf function. Such exploitation necessitates user interaction, thereby allowing potential malicious actions that compromise system integrity.

References

http://www.securityfocus.com/bid/19265
vdb-entryx_refsource_BID
http://www.eeye.com/html/research/upcoming/20060719.html
x_refsource_MISC
http://securitytracker.com/id?1016614
vdb-entryx_refsource_SECTRACK

EPSS Score

70% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.