var-200601-0135
Vulnerability from variot
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed. The application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. Specific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200601-0135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.6,
"vendor": "checkpoint",
"version": "4.1"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "*"
},
{
"model": "vpn-1",
"scope": "eq",
"trust": 0.6,
"vendor": "checkpoint",
"version": "fp1"
},
{
"model": "point software vpn-1 sp6",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5a",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1",
"scope": "eq",
"trust": 0.3,
"vendor": "check",
"version": "4.1"
},
{
"model": "point software vpn-1 fp1",
"scope": null,
"trust": 0.3,
"vendor": "check",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "16290"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Thierry Zoller",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
}
],
"trust": 0.6
},
"cve": "CVE-2006-0255",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2006-0255",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-16363",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0255",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200601-167",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-16363",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16363"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. Check Point VPN-1 SecureClient is prone to a vulnerability that could allow an arbitrary file to be executed. \nThe application attempts to execute an application without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. \nSpecific information about affected versions of Check Point VPN-1 SecureClient is unavailable at this time. This BID will be updated as further information is disclosed",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0255"
},
{
"db": "BID",
"id": "16290"
},
{
"db": "VULHUB",
"id": "VHN-16363"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "16290",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2006-0255",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-0258",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060117 [ TZO-012006 ] CHECKPOINT VPN-1 SECURECLIENT INSECURE USAGE OF CREATEPROCESS()",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-16363",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16363"
},
{
"db": "BID",
"id": "16290"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"id": "VAR-200601-0135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-16363"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:49:46.683000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/16290"
},
{
"trust": 1.7,
"url": "http://secdev.zoller.lu/research/checkpoint.txt"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/422263/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/0258"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/422263/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/0258"
},
{
"trust": 0.3,
"url": "http://www.checkpoint.com/products/vpn-1_clients/index.html"
},
{
"trust": 0.3,
"url": "/archive/1/422263"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-16363"
},
{
"db": "BID",
"id": "16290"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-16363"
},
{
"db": "BID",
"id": "16290"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-01-18T00:00:00",
"db": "VULHUB",
"id": "VHN-16363"
},
{
"date": "2006-01-17T00:00:00",
"db": "BID",
"id": "16290"
},
{
"date": "2006-01-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"date": "2006-01-18T01:51:00",
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-16363"
},
{
"date": "2006-01-17T00:00:00",
"db": "BID",
"id": "16290"
},
{
"date": "2006-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200601-167"
},
{
"date": "2024-11-21T00:06:02.033000",
"db": "NVD",
"id": "CVE-2006-0255"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "16290"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Check Point VPN-1 SecureClient Path Specification Local Privilege Upgrade Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "16290"
},
{
"db": "CNNVD",
"id": "CNNVD-200601-167"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…