CVE-2006-3961: Buffer Overflow
First published: Tue Aug 01 2006(Updated: )
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Privacy Service | =2005 | |
| Mcafee Spamkiller | =7.0 | |
| McAfee Internet Security Suite | =2005 | |
| McAfee VirusScan | =2006 | |
| Mcafee Personal Firewall Plus | =2005 | |
| McAfee VirusScan | =2004 | |
| Mcafee Spamkiller | =6.0 | |
| Mcafee Spamkiller | =5.0 | |
| McAfee Security Center | =6.0.22 | |
| Mcafee Antispyware | =2005 | |
| Mcafee Personal Firewall Plus | =2004 | |
| Mcafee Quickclean | =2005 | |
| Mcafee Privacy Service | =2006 | |
| McAfee Security Center | =6.0 | |
| McAfee Security Center | =6.0.23 | |
| McAfee VirusScan | =2005 | |
| Mcafee Wireless Home Network Security | =2006 | |
| Mcafee Privacy Service | =2004 | |
| Mcafee Personal Firewall Plus | =2006 | |
| McAfee Internet Security Suite | =2004 | |
| McAfee Security Center | =4.3 | |
| Mcafee Quickclean | =2004 | |
| Mcafee Quickclean | =2006 | |
| McAfee Internet Security Suite | =2006 | |
| Mcafee Antispyware | =2006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.eeye.com/html/research/upcoming/20060719.html
- http://www.securityfocus.com/bid/19265
- http://secunia.com/advisories/21264
- http://ts.mcafeehelp.com/faq3.asp?docid=407052
- http://securitytracker.com/id?1016614
- http://www.eeye.com/html/research/advisories/AD2006807.html
- http://www.kb.cert.org/vuls/id/481212
- http://www.osvdb.org/27698
- http://www.vupen.com/english/advisories/2006/3096
- http://www.securityfocus.com/archive/1/442495/100/100/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/event
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/mcafee
- canonical/mcafee privacy service
- version/mcafee privacy service/2005
- canonical/mcafee spamkiller
- version/mcafee spamkiller/7.0
- canonical/mcafee internet security suite
- version/mcafee internet security suite/2005
- canonical/mcafee virusscan
- version/mcafee virusscan/2006
- canonical/mcafee personal firewall plus
- version/mcafee personal firewall plus/2005
- version/mcafee virusscan/2004
- version/mcafee spamkiller/6.0
- version/mcafee spamkiller/5.0
- canonical/mcafee security center
- version/mcafee security center/6.0.22
- canonical/mcafee antispyware
- version/mcafee antispyware/2005
- version/mcafee personal firewall plus/2004
- canonical/mcafee quickclean
- version/mcafee quickclean/2005
- version/mcafee privacy service/2006
- version/mcafee security center/6.0
- version/mcafee security center/6.0.23
- version/mcafee virusscan/2005
- canonical/mcafee wireless home network security
- version/mcafee wireless home network security/2006
- version/mcafee privacy service/2004
- version/mcafee personal firewall plus/2006
- version/mcafee internet security suite/2004
- version/mcafee security center/4.3
- version/mcafee quickclean/2004
- version/mcafee quickclean/2006
- version/mcafee internet security suite/2006
- version/mcafee antispyware/2006