PT-2006-3201 · Banktown · Banktown Client Control

Gyu Tae

Published

2006-05-05

Updated

2018-10-18

CVE-2006-2233

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BankTown Client Control (aka BtCxCtl20Com) versions 1.4.2.51817 through 1.5.2.50209

Description The issue allows remote attackers to execute arbitrary code via a long string in the first argument to the SetBannerUrl function.

Recommendations For versions 1.4.2.51817 through 1.5.2.50209, consider restricting the length of the string passed to the SetBannerUrl function to prevent buffer overflow until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2233

Affected Products

Banktown Client Control

PT-2006-3201 · Banktown · Banktown Client Control

CVE-2006-2233

Related Identifiers

Affected Products

References · 11