Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3217

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-3217
Last Modified 07 Mar 2011 09:38:06
Published 23 Jun 2006 09:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3217

Summary

JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.

Vulnerable Systems

Application

  • Jaguarsoft Jaguaredit 1.1.0.18

  • Jaguarsoft Jaguaredit 1.1.0.19

  • Jaguarsoft Jaguaredit 1.1.0.20


References

VUPEN - ADV-2006-2489

MISC - http://www.srlabs.net/bulten/source/Jaguar.htm

MISC - http://www.srlabs.net/bulten/JaguarEdit_2.htm

BID - 18576

BUGTRAQ - 20060621 JEdit ActiveX Control Information Disclosure vulnerability

SECUNIA - 20759

XF - jedit-unspecified-information-disclosure(27290)

SREASON - 1145


Last Updated: 27 May 2016 10:42:56