CVE-2006-2324 - 180solutions Zango downloads "required Adware components" without checking integrity or authenticity

CVE-2006-2324

Summary

180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com. The only known mitigation for this vulnerability is to block access to static.zangocash.com or zangocash.com althogether at the firewall.

References

Vulnerable Configurations

cpe:2.3:a:180solutions:zango:*:*:*:*:*:*:*:*
cpe:2.3:a:180solutions:zango:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 18-10-2018 - 16:39)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20060509 [TZO-042006] Insecure Auto-Update and File execution
misc	http://secdev.zoller.lu/research/zango.htm
sreason	890

Last major update

18-10-2018 - 16:39

Published

12-05-2006 - 00:02

Last modified

18-10-2018 - 16:39