Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1900

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2006-1900
Last Modified 07 Mar 2011 09:34:31
Published 20 Apr 2006 06:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1900

Summary

Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."

Vulnerable Systems

Application

  • W3c Amaya 9.4


References

XF - amaya-various-attribute-bo(25791)

OSVDB - 24624

OSVDB - 24623

SECUNIA - 19670

VUPEN - ADV-2006-1351

BID - 17507

MISC - http://morph3us.org/advisories/20060412-amaya-94.txt

MISC - http://morph3us.org/advisories/20060412-amaya-94-2.txt

BUGTRAQ - 20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2

BUGTRAQ - 20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4


Last Updated: 27 May 2016 10:42:15