Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3134

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-3134
Last Modified 07 Mar 2011 09:37:55
Published 27 Jun 2006 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3134

Summary

Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.

Vulnerable Systems

Application

  • Gracenote Cddbcontrol Activex Control


References

CERT-VN - VU#701121

XF - gracenote-cddb-activex-bo(27416)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-019.html

VUPEN - ADV-2006-2563

VUPEN - ADV-2006-2562

BID - 18678

OSVDB - 26874

CONFIRM - http://www.gracenote.com/sec062706/SonySecurityNotification.html

SECTRACK - 1016389

SECUNIA - 20862

SECUNIA - 20861

FULLDISC - 20060627 ZDI-06-019: GraceNote CDDBControl ActiveX Buffer Overflow Vulnerability

MISC - http://europe.nokia.com/nokia/0,,93034,00.html


Last Updated: 27 May 2016 10:42:54