PT-2006-4807 · Mcafee · Mcafee Securitycenter

Karl Lynn

Published

2006-08-01

Updated

2018-10-17

CVE-2006-3961

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions McAfee Security Center version 6.0.23

Description The issue is related to a buffer overflow in the McSubMgr ActiveX control, which allows remote attackers to execute arbitrary commands. This is achieved by providing long string parameters that are later used in vsprintf, leading to the potential execution of malicious code.

Recommendations For McAfee Security Center version 6.0.23, update to a newer version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the McSubMgr ActiveX control until a patch is available. Avoid using long string parameters in the affected control to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2006-3961

Affected Products

Mcafee Securitycenter

PT-2006-4807 · Mcafee · Mcafee Securitycenter

CVE-2006-3961

Weakness Enumeration

Related Identifiers

Affected Products

References · 13