Vulnerability Details: CVE-2006-6293
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6293
Probability of exploitation activity in the next 30 days: 60.96%
Percentile, the proportion of vulnerabilities that are scored at or less: ~98%
CVSS scores for CVE-2006-6293
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2006-6293
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6293
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html
- https://www.exploit-db.com/exploits/2893
- http://www.f-prot.com/news/gen_news/061201_release_unix467.html
- http://gleg.net/vulndisco_meta.shtml (Exploit)
- http://www.securityfocus.com/archive/1/453475/100/0/threaded
- http://securitytracker.com/id?1017331
- http://www.securityfocus.com/bid/21086 (Patch; Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/4830 (Vendor Advisory)
- http://gleg.net/fprot.txt
- http://security.gentoo.org/glsa/glsa-200612-12.xml
Products affected by CVE-2006-6293
- cpe:2.3:a:f-prot:f-prot_antivirus:*:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16e:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.14c:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.15:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.11b:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.12b:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.12c:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16b:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.14d:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.14a:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.12d:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.13:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16c:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16a:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.14b:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.15a:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.13a:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.14:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16f:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.16d:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.15b:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.14e:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.12:*:*:*:*:*:*:*
- cpe:2.3:a:f-prot:f-prot_antivirus:3.12a:*:*:*:*:*:*:*