CVE-2006-6707

Name of the Vulnerable Software and Affected Versions: NeoTrace Express version 3.25 NeoTrace Pro version 3.25

Description: The issue is related to a stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control. This can be exploited by remote attackers to execute arbitrary code via a long argument string to the TraceTarget method.

Recommendations: For NeoTrace Express version 3.25, consider disabling the TraceTarget method until a patch is available. For NeoTrace Pro version 3.25, restrict access to the NeoTraceExplorer.NeoTraceLoader ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.