ID |
CVE-2006-1900
|
Summary |
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets." |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.6 (as of 18-10-2018 - 16:37) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
refmap
via4
|
bid | 17507 | bugtraq | - 20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4
- 20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2
| misc | | osvdb | | secunia | 19670 | vupen | ADV-2006-1351 | xf | amaya-various-attribute-bo(25791) |
|
Last major update |
18-10-2018 - 16:37 |
Published |
20-04-2006 - 10:02 |
Last modified |
18-10-2018 - 16:37 |