CVE-2006-6293: Buffer Overflow
First published: Tue Dec 05 2006(Updated: )
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F-PROT Antivirus | =3.11b | |
| F-PROT Antivirus | =3.16b | |
| F-PROT Antivirus | =3.14 | |
| F-PROT Antivirus | =3.13a | |
| F-PROT Antivirus | =3.16c | |
| F-PROT Antivirus | =3.13 | |
| F-PROT Antivirus | =3.15 | |
| F-PROT Antivirus | =3.16e | |
| F-PROT Antivirus | =3.12c | |
| F-PROT Antivirus | =3.15a | |
| F-PROT Antivirus | =3.12a | |
| F-PROT Antivirus | =3.12b | |
| F-PROT Antivirus | <=4.6.6 | |
| F-PROT Antivirus | =3.16 | |
| F-PROT Antivirus | =3.14a | |
| F-PROT Antivirus | =3.14c | |
| F-PROT Antivirus | =3.16d | |
| F-PROT Antivirus | =3.14d | |
| F-PROT Antivirus | =3.16f | |
| F-PROT Antivirus | =3.12 | |
| F-PROT Antivirus | =3.15b | |
| F-PROT Antivirus | =3.14e | |
| F-PROT Antivirus | =3.14b | |
| F-PROT Antivirus | =3.12d | |
| F-PROT Antivirus | =3.16a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://gleg.net/vulndisco_meta.shtml
- http://www.securityfocus.com/bid/21086
- http://www.osvdb.org/30406
- http://secunia.com/advisories/22879
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051096.html
- http://gleg.net/fprot.txt
- http://www.f-prot.com/news/gen_news/061201_release_unix467.html
- http://securitytracker.com/id?1017331
- http://security.gentoo.org/glsa/glsa-200612-12.xml
- http://secunia.com/advisories/23328
- http://www.vupen.com/english/advisories/2006/4830
- https://www.exploit-db.com/exploits/2893
- http://www.securityfocus.com/archive/1/453475/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-6293?
CVE-2006-6293 is classified as a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2006-6293?
To fix CVE-2006-6293, update F-Prot Antivirus to version 4.6.7 or later.
What causes the CVE-2006-6293 vulnerability?
CVE-2006-6293 is caused by a heap-based buffer overflow when processing crafted CHM files.
Which versions of F-Prot Antivirus are affected by CVE-2006-6293?
CVE-2006-6293 affects F-Prot Antivirus versions prior to 4.6.7, including multiple earlier versions such as 3.11b and 3.16.
Is CVE-2006-6293 exploitable without user intervention?
No, CVE-2006-6293 requires user-assisted actions, such as opening a crafted CHM file, for exploitation.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/f-prot
- product/f-prot antivirus
- canonical/f-prot f-prot antivirus
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/f-prot antivirus
- version/f-prot antivirus/3.11b
- version/f-prot antivirus/3.16b
- version/f-prot antivirus/3.14
- version/f-prot antivirus/3.13a
- version/f-prot antivirus/3.16c
- version/f-prot antivirus/3.13
- version/f-prot antivirus/3.15
- version/f-prot antivirus/3.16e
- version/f-prot antivirus/3.12c
- version/f-prot antivirus/3.15a
- version/f-prot antivirus/3.12a
- version/f-prot antivirus/3.12b
- version/f-prot antivirus/4.6.6
- version/f-prot antivirus/3.16
- version/f-prot antivirus/3.14a
- version/f-prot antivirus/3.14c
- version/f-prot antivirus/3.16d
- version/f-prot antivirus/3.14d
- version/f-prot antivirus/3.16f
- version/f-prot antivirus/3.12
- version/f-prot antivirus/3.15b
- version/f-prot antivirus/3.14e
- version/f-prot antivirus/3.14b
- version/f-prot antivirus/3.12d
- version/f-prot antivirus/3.16a