cvelistv5 - cve-2006-2086

CVE-2006-2086 (GCVE-0-2006-2086)

Vulnerability from cvelistv5

Published

2006-04-29 10:00

Modified

2024-08-07 17:35

Severity ?

CWE

Summary

References

URL

Tags

cve@mitre.org	http://secunia.com/advisories/19842
cve@mitre.org	http://securityreason.com/securityalert/819
cve@mitre.org	http://securitytracker.com/id?1016000
cve@mitre.org	http://www.eeye.com/html/research/advisories/AD20060424.html
cve@mitre.org	http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
cve@mitre.org	http://www.kb.cert.org/vuls/id/477604	US Government Resource
cve@mitre.org	http://www.osvdb.org/25001
cve@mitre.org	http://www.securityfocus.com/archive/1/432155/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17712
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1543
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26077
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19842
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/819
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016000
af854a3a-2127-422b-91ae-364da2661108	http://www.eeye.com/html/research/advisories/AD20060424.html
af854a3a-2127-422b-91ae-364da2661108	http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/477604	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25001
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/432155/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17712
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1543
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26077

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.271Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "19842",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19842"
          },
          {
            "name": "819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/819"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
          },
          {
            "name": "ADV-2006-1543",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1543"
          },
          {
            "name": "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
          },
          {
            "name": "juniper-ive-activex-bo(26077)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
          },
          {
            "name": "25001",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25001"
          },
          {
            "name": "VU#477604",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/477604"
          },
          {
            "name": "1016000",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016000"
          },
          {
            "name": "17712",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17712"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "19842",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19842"
        },
        {
          "name": "819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/819"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
        },
        {
          "name": "ADV-2006-1543",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1543"
        },
        {
          "name": "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
        },
        {
          "name": "juniper-ive-activex-bo(26077)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
        },
        {
          "name": "25001",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25001"
        },
        {
          "name": "VU#477604",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/477604"
        },
        {
          "name": "1016000",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016000"
        },
        {
          "name": "17712",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17712"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19842",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19842"
            },
            {
              "name": "819",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/819"
            },
            {
              "name": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt",
              "refsource": "CONFIRM",
              "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
            },
            {
              "name": "http://www.eeye.com/html/research/advisories/AD20060424.html",
              "refsource": "MISC",
              "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
            },
            {
              "name": "ADV-2006-1543",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1543"
            },
            {
              "name": "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
            },
            {
              "name": "juniper-ive-activex-bo(26077)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
            },
            {
              "name": "25001",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25001"
            },
            {
              "name": "VU#477604",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/477604"
            },
            {
              "name": "1016000",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016000"
            },
            {
              "name": "17712",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17712"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2086",
    "datePublished": "2006-04-29T10:00:00",
    "dateReserved": "2006-04-28T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.271Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2086\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-04-29T10:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:junipersetup_control:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7EFAF86-B630-40B9-A36A-81D9A540E832\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19842\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/819\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016000\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.eeye.com/html/research/advisories/AD20060424.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/477604\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/25001\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/432155/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17712\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1543\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26077\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.eeye.com/html/research/advisories/AD20060424.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/477604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/25001\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/432155/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1543\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2006-2086

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-2086

Aliases

CVE-2006-2086

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2086",
    "description": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.",
    "id": "GSD-2006-2086",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-2086"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2086"
      ],
      "details": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.",
      "id": "GSD-2006-2086",
      "modified": "2023-12-13T01:19:53.197137Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2086",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "19842",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19842"
          },
          {
            "name": "819",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/819"
          },
          {
            "name": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt",
            "refsource": "CONFIRM",
            "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
          },
          {
            "name": "http://www.eeye.com/html/research/advisories/AD20060424.html",
            "refsource": "MISC",
            "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
          },
          {
            "name": "ADV-2006-1543",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1543"
          },
          {
            "name": "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
          },
          {
            "name": "juniper-ive-activex-bo(26077)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
          },
          {
            "name": "25001",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25001"
          },
          {
            "name": "VU#477604",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/477604"
          },
          {
            "name": "1016000",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016000"
          },
          {
            "name": "17712",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17712"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:juniper:junipersetup_control:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2086"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.eeye.com/html/research/advisories/AD20060424.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
            },
            {
              "name": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
            },
            {
              "name": "17712",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17712"
            },
            {
              "name": "1016000",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016000"
            },
            {
              "name": "19842",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/19842"
            },
            {
              "name": "VU#477604",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/477604"
            },
            {
              "name": "25001",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25001"
            },
            {
              "name": "819",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/819"
            },
            {
              "name": "ADV-2006-1543",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1543"
            },
            {
              "name": "juniper-ive-activex-bo(26077)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
            },
            {
              "name": "20060426 [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:38Z",
      "publishedDate": "2006-04-29T10:02Z"
    }
  }
}

fkie_cve-2006-2086

Vulnerability from fkie_nvd

Published

2006-04-29 10:02

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/19842
cve@mitre.org	http://securityreason.com/securityalert/819
cve@mitre.org	http://securitytracker.com/id?1016000
cve@mitre.org	http://www.eeye.com/html/research/advisories/AD20060424.html
cve@mitre.org	http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
cve@mitre.org	http://www.kb.cert.org/vuls/id/477604	US Government Resource
cve@mitre.org	http://www.osvdb.org/25001
cve@mitre.org	http://www.securityfocus.com/archive/1/432155/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17712
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1543
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26077
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19842
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/819
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016000
af854a3a-2127-422b-91ae-364da2661108	http://www.eeye.com/html/research/advisories/AD20060424.html
af854a3a-2127-422b-91ae-364da2661108	http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/477604	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25001
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/432155/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17712
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1543
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26077

Impacted products

	Vendor	Product	Version
	juniper	junipersetup_control	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:junipersetup_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EFAF86-B630-40B9-A36A-81D9A540E832",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter."
    }
  ],
  "id": "CVE-2006-2086",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-29T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19842"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/819"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016000"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/477604"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25001"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17712"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1543"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19842"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/477604"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1543"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-jgcp-49rc-q8xp

Vulnerability from github

Published

2022-05-01 06:55

Modified

2022-05-01 06:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2086"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-29T10:02:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.",
  "id": "GHSA-jgcp-49rc-q8xp",
  "modified": "2022-05-01T06:55:43Z",
  "published": "2022-05-01T06:55:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2086"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19842"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/819"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016000"
    },
    {
      "type": "WEB",
      "url": "http://www.eeye.com/html/research/advisories/AD20060424.html"
    },
    {
      "type": "WEB",
      "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/477604"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25001"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17712"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1543"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter. Juniper SSL-VPN Client ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. Invoking the object from a malicious website may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Juniper's SSL VPN series products can provide users with secure remote access services. JuniperSetupDLL.dll is loaded from the JuniperSetup.ocx ActiveX control. If the following super long string is specified in the ProductName parameter, a stack overflow will be triggered in the JuniperSetupDLL.dll function: --- object classid=\"clsid: E5F5D008-DD2C-4D32-977D-1A0ADF03058B\" id= NeoterisSetup codebase=\"path_to_JuniperSetup.cab#version=1,0,0,3\" > ..... ---PARAM NAME=\"ProductName\" VALUE=\"AAAAAAA (long \'\'A\ '\')\" > ..... script language=javascript NeoterisSetup.startSession(); end script The vulnerable function is as follows: .text: 04F15783 ; int __stdcall sub_4F15783_ilvdlp(char *szProductName, LPCSTR lpValueName, LPBYTE lpData, LPDWORD lpcbData) .text: 04F15783 sub_4F15783_ilvdlp proc near .text: 04F15783 .text: 04F15783 SubKey = byte ptr -10Ch .text: 04F15783 Type = dword ptr -8 .text: 04F15783 hKey = dword ptr -4 ... This can be exploited to cause a stack-based buffer overflow when the control is instantiated with an overly long "ProductName" parameter. tricked into visiting a malicious web site.

The vulnerability has been reported in versions 1.x through 5.x.

SOLUTION: Update to IVE software version 5.3r2.1, 5.2r4.1, 5.1r8, 5.0r6.1, or 4.2r8.1.

PROVIDED AND/OR DISCOVERED BY: Yuji Ukai, eEye Digital Security.

ORIGINAL ADVISORY: eEye Digital Security: http://www.eeye.com/html/research/advisories/AD20060424.html

Juniper Networks: http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200604-0559",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "junipersetup control",
        "scope": null,
        "trust": 1.4,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junipersetup control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "vpn-ssl-vpn ive",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "5.x"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "db": "BID",
        "id": "17712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:juniper:junipersetup_control",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Yuji Ukai",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-2086",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-2086",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-18194",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-2086",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#477604",
            "trust": 0.8,
            "value": "14.22"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-2086",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200604-546",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-18194",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter. Juniper SSL-VPN Client ActiveX control is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer. \nInvoking the object from a malicious website may trigger the condition. If the vulnerability were successfully exploited, this would corrupt process memory, resulting in arbitrary code execution. Juniper\u0027s SSL VPN series products can provide users with secure remote access services. JuniperSetupDLL.dll is loaded from the JuniperSetup.ocx ActiveX control. If the following super long string is specified in the ProductName parameter, a stack overflow will be triggered in the JuniperSetupDLL.dll function: --- object classid=\\\"clsid: E5F5D008-DD2C-4D32-977D-1A0ADF03058B\\\" id= NeoterisSetup codebase=\\\"path_to_JuniperSetup.cab#version=1,0,0,3\\\" \u003e  ..... ---PARAM NAME=\\\"ProductName\\\" VALUE=\\\"AAAAAAA (long \\\u0027\\\u0027A\\ \u0027\\\u0027)\\\" \u003e  ..... script language=javascript NeoterisSetup.startSession(); end script The vulnerable function is as follows: .text: 04F15783 ; int __stdcall sub_4F15783_ilvdlp(char *szProductName, LPCSTR lpValueName, LPBYTE lpData, LPDWORD lpcbData) .text: 04F15783 sub_4F15783_ilvdlp proc near .text: 04F15783 .text: 04F15783 SubKey = byte ptr -10Ch .text: 04F15783 Type = dword ptr -8 .text: 04F15783 hKey = dword ptr -4 ... This\ncan be exploited to cause a stack-based buffer overflow when the\ncontrol is instantiated with an overly long \"ProductName\" parameter. tricked into visiting a malicious web site. \n\nThe vulnerability has been reported in versions 1.x through 5.x. \n\nSOLUTION:\nUpdate to IVE software version 5.3r2.1, 5.2r4.1, 5.1r8, 5.0r6.1, or\n4.2r8.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nYuji Ukai, eEye Digital Security. \n\nORIGINAL ADVISORY:\neEye Digital Security:\nhttp://www.eeye.com/html/research/advisories/AD20060424.html\n\nJuniper Networks:\nhttp://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      },
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "db": "BID",
        "id": "17712"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "db": "PACKETSTORM",
        "id": "45765"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-18194",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#477604",
        "trust": 3.3
      },
      {
        "db": "SECUNIA",
        "id": "19842",
        "trust": 2.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2086",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "17712",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1543",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1016000",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "819",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "25001",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20060426 [EEYEB-20060227] JUNIPER NETWORKS SSL-VPN CLIENT BUFFER OVERFLOW",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "26077",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16568",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71082",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83003",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-18194",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "45765",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "db": "BID",
        "id": "17712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "db": "PACKETSTORM",
        "id": "45765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "id": "VAR-200604-0559",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:10:14.704000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "PSN-2006-03-013.txt",
        "trust": 0.8,
        "url": "http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/477604"
      },
      {
        "trust": 1.8,
        "url": "http://www.juniper.net/support/security/alerts/psn-2006-03-013.txt"
      },
      {
        "trust": 1.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20060424.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17712"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/25001"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016000"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/19842"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/819"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/432155/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1543"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26077"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/19842/"
      },
      {
        "trust": 0.8,
        "url": "http://www.juniper.net/support/security/alerts/psn-2006-03-013.txt "
      },
      {
        "trust": 0.8,
        "url": "http://www.eeye.com/html/research/advisories/ad20060424.html "
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2086"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-2086"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/432155/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26077"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1543"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://juniper.net/support/security/security_notices.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/432155"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6644/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6645/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "db": "BID",
        "id": "17712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "db": "PACKETSTORM",
        "id": "45765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "db": "BID",
        "id": "17712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "db": "PACKETSTORM",
        "id": "45765"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "date": "2006-04-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "date": "2006-04-26T00:00:00",
        "db": "BID",
        "id": "17712"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "date": "2006-04-27T21:57:26",
        "db": "PACKETSTORM",
        "id": "45765"
      },
      {
        "date": "2006-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "date": "2006-04-29T10:02:00",
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-04T00:00:00",
        "db": "CERT/CC",
        "id": "VU#477604"
      },
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18194"
      },
      {
        "date": "2006-04-27T18:21:00",
        "db": "BID",
        "id": "17712"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003966"
      },
      {
        "date": "2006-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      },
      {
        "date": "2024-11-21T00:10:31.443000",
        "db": "NVD",
        "id": "CVE-2006-2086"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Networks IVE client ActiveX control buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#477604"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200604-546"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-2086 (GCVE-0-2006-2086)

Vulnerability from cvelistv5

gsd-2006-2086

Vulnerability from gsd

fkie_cve-2006-2086

Vulnerability from fkie_nvd

ghsa-jgcp-49rc-q8xp

Vulnerability from github

var-200604-0559

Vulnerability from variot

Tags

Sightings

Nomenclature