CVE-2006-4659 - The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the s

CVE-2006-4659

Summary

The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.

References

Vulnerable Configurations

cpe:2.3:a:panda:panda_platinum_internet_security:2006_10.02.01:*:*:*:*:*:*:*
cpe:2.3:a:panda:panda_platinum_internet_security:2006_10.02.01:*:*:*:*:*:*:*
cpe:2.3:a:panda:panda_platinum_internet_security:2007_11.00.00:*:*:*:*:*:*:*
cpe:2.3:a:panda:panda_platinum_internet_security:2007_11.00.00:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	19891
bugtraq	20060907 SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities
misc	http://www.security.nnov.ru/advisories/pandais.asp
secunia	21769
sreason	1524

Last major update

17-10-2018 - 21:38

Published

09-09-2006 - 00:04

Last modified

17-10-2018 - 21:38