Vulnerability Details : CVE-2006-6442
Stack-based buffer overflow in the SetClientInfo function in the CDDBControlAOL.CDDBAOLControl ActiveX control (cddbcontrol.dll), as used in America Online (AOL) 7.0 4114.563, 8.0 4129.230, and 9.0 Security Edition 4156.910, and possibly other products, allows remote attackers to execute arbitrary code via a long ClientId argument.
Vulnerability category: Overflow, Execute code
Exploit prediction scoring system (EPSS) score for CVE-2006-6442
Probability of exploitation activity in the next 30 days: 11.39%
Percentile, the proportion of vulnerabilities that are scored at or less: ~95%
CVSS scores for CVE-2006-6442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2006-6442
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-6442
- http://www.vupen.com/english/advisories/2006/4904 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30790
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051230.html
- http://securitytracker.com/id?1017357
- http://www.securityfocus.com/bid/21488
- http://attrition.org/pipermail/vim/2006-December/001173.html
- http://www.securityfocus.com/archive/1/454105/100/0/threaded
Products affected by CVE-2006-6442
- cpe:2.3:a:aol:aol_client_software:7.0_4114.563:*:*:*:*:*:*:*
- cpe:2.3:a:aol:aol_client_software:8.0_4129.230:*:*:*:*:*:*:*
- cpe:2.3:a:aol:aol_client_software:9.0:*:security_4156.910:*:*:*:*:*