PT-2006-2884 · W3C · Amaya
Thomas Waldegger · Published 2006-04-20 · Updated 2018-10-18 · CVE-2006-1900
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Amaya versions 8.x before 8.8.5
Amaya version 9.4
Description
The issue allows remote attackers to execute arbitrary code via buffer overflows. This can be achieved by providing a long value in certain attributes, such as the COMPACT attribute of the COLGROUP element, the ROWS attribute of the TEXTAREA element, and the COLOR attribute of the LEGEND element. Other unspecified attack vectors are also possible.
Recommendations
For Amaya versions 8.x before 8.8.5, update to version 8.8.5 or later.
For Amaya version 9.4, at the moment, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the COLGROUP, TEXTAREA, and LEGEND elements until a patch is available. Avoid using long values in the COMPACT, ROWS, and COLOR attributes of these elements to minimize the risk of exploitation.
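One way to apply the workaround above is to check HTML before it is opened in an affected Amaya build. The following is an added example, not code from the advisory or from the Amaya project: it flags over-long values in the three element/attribute pairs named in the description, plus any very long attribute for the unspecified vectors. The length limits and the names `LongAttributeScanner` and `scan_html` are assumptions.

```python
from html.parser import HTMLParser

# Element/attribute pairs named in the advisory (HTMLParser lowercases both).
NAMED_PAIRS = {("colgroup", "compact"), ("textarea", "rows"), ("legend", "color")}
NAMED_LIMIT = 32      # assumed limit; legitimate values here are a few characters
GENERIC_LIMIT = 2048  # assumed limit for the "other unspecified" vectors


class LongAttributeScanner(HTMLParser):
    """Collects attributes whose values exceed the assumed length limits."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def _check(self, tag, attrs):
        line, _ = self.getpos()  # position of the tag currently being parsed
        for name, value in attrs:
            length = len(value or "")  # valueless attributes arrive as None
            named = (tag, name) in NAMED_PAIRS
            limit = NAMED_LIMIT if named else GENERIC_LIMIT
            if length > limit:
                self.findings.append(
                    {"line": line, "tag": tag, "attr": name,
                     "length": length, "named_in_advisory": named})

    def handle_starttag(self, tag, attrs):
        self._check(tag, attrs)

    def handle_startendtag(self, tag, attrs):  # self-closing form, e.g. <x/>
        self._check(tag, attrs)


def scan_html(text):
    """Return a list of findings for one HTML document given as a string."""
    scanner = LongAttributeScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


# Constructed sample input, not taken from any real page.
SAMPLE = (
    "<table><colgroup compact='compact'></colgroup></table>\n"
    "<form><textarea rows='" + "9" * 500 + "'></textarea>\n"
    "<fieldset><LEGEND COLOR='" + "A" * 300 + "'>t</LEGEND></fieldset></form>\n"
)
```

A document with any finding can be quarantined or opened in a different viewer rather than in the unpatched editor.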
Related Identifiers
Affected Products
Amaya