Vulnerability Description
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| W3C | Amaya | 9.4 |
References
- http://morph3us.org/advisories/20060412-amaya-94-2.txtExploitVendor Advisory
- http://morph3us.org/advisories/20060412-amaya-94.txtExploitVendor Advisory
- http://secunia.com/advisories/19670PatchVendor Advisory
- http://www.osvdb.org/24623Patch
- http://www.osvdb.org/24624Patch
- http://www.securityfocus.com/archive/1/430877/100/0/threaded
- http://www.securityfocus.com/archive/1/430879/100/0/threaded
- http://www.securityfocus.com/bid/17507Exploit
- http://www.vupen.com/english/advisories/2006/1351
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25791
- http://morph3us.org/advisories/20060412-amaya-94-2.txtExploitVendor Advisory
- http://morph3us.org/advisories/20060412-amaya-94.txtExploitVendor Advisory
- http://secunia.com/advisories/19670PatchVendor Advisory
- http://www.osvdb.org/24623Patch
- http://www.osvdb.org/24624Patch
FAQ
What is CVE-2006-1900?
CVE-2006-1900 is a vulnerability with a CVSS score of 7.6 (HIGH). Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1)...
How severe is CVE-2006-1900?
CVE-2006-1900 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1900?
Check the references section above for vendor advisories and patch information. Affected products include: W3C Amaya.