CVE-2006-3217 - JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sen

CVE-2006-3217

Summary

JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.

References

Vulnerable Configurations

cpe:2.3:a:jaguarsoft:jaguaredit:1.1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:jaguarsoft:jaguaredit:1.1.0.18:*:*:*:*:*:*:*
cpe:2.3:a:jaguarsoft:jaguaredit:1.1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jaguarsoft:jaguaredit:1.1.0.19:*:*:*:*:*:*:*
cpe:2.3:a:jaguarsoft:jaguaredit:*:*:*:*:*:*:*:*
cpe:2.3:a:jaguarsoft:jaguaredit:*:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 18-10-2018 - 16:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:N/A:N

refmap via4

bid	18576
bugtraq	20060621 JEdit ActiveX Control Information Disclosure vulnerability
misc	http://www.srlabs.net/bulten/JaguarEdit_2.htm http://www.srlabs.net/bulten/source/Jaguar.htm
secunia	20759
sreason	1145
vupen	ADV-2006-2489
xf	jedit-unspecified-information-disclosure(27290)

Last major update

18-10-2018 - 16:46

Published

24-06-2006 - 01:06

Last modified

18-10-2018 - 16:46