PT-2006-3240 · Verisign · Verisign Vupdater.Install Activex Control

Publicado

2006-05-12

Atualizado

2018-10-18

CVE-2006-2273

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Verisign VUpdater.Install (aka i-Nav) ActiveX control (affected versions not specified)

Description The issue concerns the InstallProduct routine in the Verisign VUpdater.Install ActiveX control, which fails to verify Microsoft Cabinet (.CAB) files. This allows remote attackers to execute arbitrary executable files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-2273

Produtos afetados

Verisign Vupdater.Install Activex Control

PT-2006-3240 · Verisign · Verisign Vupdater.Install Activex Control

CVE-2006-2273

Identificadores relacionados

Produtos afetados

Referências · 10