Vulnerability Details CVE-2006-3961
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.708
EPSS Ranking 98.6%
CVSS Severity
CVSS v2 Score 6.8
References
- http://secunia.com/advisories/21264
- http://securitytracker.com/id?1016614
- http://ts.mcafeehelp.com/faq3.asp?docid=407052
- http://www.eeye.com/html/research/advisories/AD2006807.html
- http://www.eeye.com/html/research/upcoming/20060719.html
- http://www.kb.cert.org/vuls/id/481212
- http://www.osvdb.org/27698
- http://www.securityfocus.com/archive/1/442495/100/100/threaded
- http://www.securityfocus.com/bid/19265
- http://www.vupen.com/english/advisories/2006/3096
- http://secunia.com/advisories/21264
- http://securitytracker.com/id?1016614
- http://ts.mcafeehelp.com/faq3.asp?docid=407052
- http://www.eeye.com/html/research/advisories/AD2006807.html
- http://www.eeye.com/html/research/upcoming/20060719.html
- http://www.kb.cert.org/vuls/id/481212
- http://www.osvdb.org/27698
- http://www.securityfocus.com/archive/1/442495/100/100/threaded
- http://www.securityfocus.com/bid/19265
- http://www.vupen.com/english/advisories/2006/3096
Products affected by CVE-2006-3961
-
cpe:2.3:a:mcafee:antispyware:2005
-
cpe:2.3:a:mcafee:antispyware:2006
-
cpe:2.3:a:mcafee:internet_security_suite:2004
-
cpe:2.3:a:mcafee:internet_security_suite:2005
-
cpe:2.3:a:mcafee:internet_security_suite:2006
-
cpe:2.3:a:mcafee:personal_firewall_plus:2004
-
cpe:2.3:a:mcafee:personal_firewall_plus:2005
-
cpe:2.3:a:mcafee:personal_firewall_plus:2006
-
cpe:2.3:a:mcafee:privacy_service:2004
-
cpe:2.3:a:mcafee:privacy_service:2005
-
cpe:2.3:a:mcafee:privacy_service:2006
-
cpe:2.3:a:mcafee:quickclean:2004
-
cpe:2.3:a:mcafee:quickclean:2005
-
cpe:2.3:a:mcafee:quickclean:2006
-
cpe:2.3:a:mcafee:security_center:4.3
-
cpe:2.3:a:mcafee:security_center:6.0
-
cpe:2.3:a:mcafee:security_center:6.0.22
-
cpe:2.3:a:mcafee:security_center:6.0.23
-
cpe:2.3:a:mcafee:spamkiller:5.0
-
cpe:2.3:a:mcafee:spamkiller:6.0
-
cpe:2.3:a:mcafee:spamkiller:7.0
-
cpe:2.3:a:mcafee:virusscan:2004
-
cpe:2.3:a:mcafee:virusscan:2005
-
cpe:2.3:a:mcafee:virusscan:2006
-
cpe:2.3:a:mcafee:wireless_home_network_security:2006