Vulnerability Details CVE-2006-2273
The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.042
EPSS Ranking 88.0%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/20074
- http://securityreason.com/securityalert/878
- http://securitytracker.com/id?1016059
- http://www.osvdb.org/25431
- http://www.securityfocus.com/archive/1/433589/100/0/threaded
- http://www.securityfocus.com/bid/17939
- http://www.vupen.com/english/advisories/2006/1763
- http://www.zerodayinitiative.com/advisories/ZDI-06-014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26375
- http://secunia.com/advisories/20074
- http://securityreason.com/securityalert/878
- http://securitytracker.com/id?1016059
- http://www.osvdb.org/25431
- http://www.securityfocus.com/archive/1/433589/100/0/threaded
- http://www.securityfocus.com/bid/17939
- http://www.vupen.com/english/advisories/2006/1763
- http://www.zerodayinitiative.com/advisories/ZDI-06-014.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26375