CVE-2006-3961
McAfee Subscription Manager - Remote Stack Buffer Overflow
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
Desbordamiento de búfer en control ActiveX McSubMgr (mcsubmgr.dll) en McAfee Security Center 6.0.23 para Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, y QuickClean permite a atacantes con la intervención del usuario ejecutar comandos de su elección a través de paráametros string, los cuales son posteriormente usados en vsprintf.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2006-08-01 CVE Reserved
- 2006-08-01 CVE Published
- 2010-07-03 First Exploit
- 2024-06-21 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1016614 | Vdb Entry | |
| http://ts.mcafeehelp.com/faq3.asp?docid=407052 | X_refsource_confirm | |
| http://www.eeye.com/html/research/advisories/AD2006807.html | X_refsource_misc | |
| http://www.eeye.com/html/research/upcoming/20060719.html | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/481212 | Third Party Advisory |
|
| http://www.osvdb.org/27698 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/442495/100/100/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16510 | 2010-07-03 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/21264 | 2018-10-17 | |
| http://www.securityfocus.com/bid/19265 | 2018-10-17 |
| URL | Date | SRC |
|---|---|---|
| http://www.vupen.com/english/advisories/2006/3096 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mcafee Search vendor "Mcafee" | Antispyware Search vendor "Mcafee" for product "Antispyware" | 2005 Search vendor "Mcafee" for product "Antispyware" and version "2005" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Antispyware Search vendor "Mcafee" for product "Antispyware" | 2006 Search vendor "Mcafee" for product "Antispyware" and version "2006" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Internet Security Suite Search vendor "Mcafee" for product "Internet Security Suite" | 2004 Search vendor "Mcafee" for product "Internet Security Suite" and version "2004" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Internet Security Suite Search vendor "Mcafee" for product "Internet Security Suite" | 2005 Search vendor "Mcafee" for product "Internet Security Suite" and version "2005" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Internet Security Suite Search vendor "Mcafee" for product "Internet Security Suite" | 2006 Search vendor "Mcafee" for product "Internet Security Suite" and version "2006" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Personal Firewall Plus Search vendor "Mcafee" for product "Personal Firewall Plus" | 2004 Search vendor "Mcafee" for product "Personal Firewall Plus" and version "2004" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Personal Firewall Plus Search vendor "Mcafee" for product "Personal Firewall Plus" | 2005 Search vendor "Mcafee" for product "Personal Firewall Plus" and version "2005" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Personal Firewall Plus Search vendor "Mcafee" for product "Personal Firewall Plus" | 2006 Search vendor "Mcafee" for product "Personal Firewall Plus" and version "2006" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Privacy Service Search vendor "Mcafee" for product "Privacy Service" | 2004 Search vendor "Mcafee" for product "Privacy Service" and version "2004" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Privacy Service Search vendor "Mcafee" for product "Privacy Service" | 2005 Search vendor "Mcafee" for product "Privacy Service" and version "2005" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Privacy Service Search vendor "Mcafee" for product "Privacy Service" | 2006 Search vendor "Mcafee" for product "Privacy Service" and version "2006" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Quickclean Search vendor "Mcafee" for product "Quickclean" | 2004 Search vendor "Mcafee" for product "Quickclean" and version "2004" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Quickclean Search vendor "Mcafee" for product "Quickclean" | 2005 Search vendor "Mcafee" for product "Quickclean" and version "2005" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Quickclean Search vendor "Mcafee" for product "Quickclean" | 2006 Search vendor "Mcafee" for product "Quickclean" and version "2006" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Security Center Search vendor "Mcafee" for product "Security Center" | 4.3 Search vendor "Mcafee" for product "Security Center" and version "4.3" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Security Center Search vendor "Mcafee" for product "Security Center" | 6.0 Search vendor "Mcafee" for product "Security Center" and version "6.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Security Center Search vendor "Mcafee" for product "Security Center" | 6.0.22 Search vendor "Mcafee" for product "Security Center" and version "6.0.22" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Security Center Search vendor "Mcafee" for product "Security Center" | 6.0.23 Search vendor "Mcafee" for product "Security Center" and version "6.0.23" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Spamkiller Search vendor "Mcafee" for product "Spamkiller" | 5.0 Search vendor "Mcafee" for product "Spamkiller" and version "5.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Spamkiller Search vendor "Mcafee" for product "Spamkiller" | 6.0 Search vendor "Mcafee" for product "Spamkiller" and version "6.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Spamkiller Search vendor "Mcafee" for product "Spamkiller" | 7.0 Search vendor "Mcafee" for product "Spamkiller" and version "7.0" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Virusscan Search vendor "Mcafee" for product "Virusscan" | 2004 Search vendor "Mcafee" for product "Virusscan" and version "2004" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Virusscan Search vendor "Mcafee" for product "Virusscan" | 2005 Search vendor "Mcafee" for product "Virusscan" and version "2005" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Virusscan Search vendor "Mcafee" for product "Virusscan" | 2006 Search vendor "Mcafee" for product "Virusscan" and version "2006" | - |
Affected
| ||||||
| Mcafee Search vendor "Mcafee" | Wireless Home Network Security Search vendor "Mcafee" for product "Wireless Home Network Security" | 2006 Search vendor "Mcafee" for product "Wireless Home Network Security" and version "2006" | - |
Affected
| ||||||