Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2273

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-2273
Last Modified 07 Mar 2011 09:35:51
Published 11 May 2006 08:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2273

Summary

The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.

Vulnerable Systems

Application

  • Verisign I-nav


References

XF - verisign-inav-activex-code-execution(26375)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-014.html

VUPEN - ADV-2006-1763

BID - 17939

BUGTRAQ - 20060510 ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability

OSVDB - 25431

SECTRACK - 1016059

SECUNIA - 20074

SREASON - 878


Last Updated: 27 May 2016 10:42:24