ID |
CVE-2006-2324
|
Summary |
180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com. The only known mitigation for this vulnerability is to block access to static.zangocash.com or zangocash.com althogether at the firewall. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 10.0 (as of 18-10-2018 - 16:39) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
COMPLETE |
COMPLETE |
COMPLETE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
refmap
via4
|
|
Last major update |
18-10-2018 - 16:39 |
Published |
12-05-2006 - 00:02 |
Last modified |
18-10-2018 - 16:39 |