CVE-2006-3492

Name of the Vulnerable Software and Affected Versions MICO (Mico Is CORBA) versions 2.3.12 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending a message with an incorrect "object key", which triggers an assert error in the CORBA::ORBInvokeRec::set answer invoke function.

Recommendations For MICO (Mico Is CORBA) versions 2.3.12 and earlier, consider applying a patch or fix that corrects the CORBA::ORBInvokeRec::set answer invoke function to properly handle messages with incorrect "object key" values. At the moment, there is no information about a newer version that contains a fix for this vulnerability.