CVE-2006-0965 - NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local us

CVE-2006-0965

Summary

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:ncp_network_communications:secure_client:8.11_build_146:*:*:*:*:*:*:*
cpe:2.3:a:ncp_network_communications:secure_client:8.11_build_146:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16906
bugtraq	20060301 NCP VPN/PKI Client - various Bugs
fulldisc	20060301 NCP VPN/PKI Client - various Bugs
secunia	19082
xf	ncp-ncpmon-bo(25243)

Last major update

18-10-2018 - 16:29

Published

02-03-2006 - 23:02

Last modified

18-10-2018 - 16:29