CVE-2006-6476

Name of the Vulnerable Software and Affected Versions Mandiant First Response (MFR) versions prior to 1.1.1

Description The issue allows local users to hijack a socket and capture data or cause a denial of service when FRAgent.exe is run in daemon mode and bound to all interfaces. This occurs because the sockets are opened in non-exclusive mode.

Recommendations For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting the binding of FRAgent.exe to a specific interface instead of all interfaces (0.0.0.0) to minimize the risk of exploitation.