CVE-2006-6838 - Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and

CVE-2006-6838

Summary

Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.

References

http://www.infogreg.com/security/misc/rediff-bol-downloader-allows-downloading-and-spawning-arbitary-files.html
http://www.securityfocus.com/bid/21831
http://securityreason.com/securityalert/2089
http://www.securityfocus.com/archive/1/455611/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:rediff:bol_downloader_activex_ocx_control:*:*:*:*:*:*:*:*
cpe:2.3:a:rediff:bol_downloader_activex_ocx_control:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21831
bugtraq	20061231 Rediff Bol Downloader Allows Downloading and Spawning Arbitary Files
misc	http://www.infogreg.com/security/misc/rediff-bol-downloader-allows-downloading-and-spawning-arbitary-files.html
sreason	2089

Last major update

14-02-2024 - 01:17

Published

31-12-2006 - 05:00

Last modified

14-02-2024 - 01:17