Vulnerability Description
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Antispyware | 2005 |
| Mcafee | Internet Security Suite | 2004 |
| Mcafee | Personal Firewall Plus | 2004 |
| Mcafee | Privacy Service | 2004 |
| Mcafee | Quickclean | 2004 |
| Mcafee | Security Center | 4.3 |
| Mcafee | Spamkiller | 5.0 |
| Mcafee | Virusscan | 2004 |
| Mcafee | Wireless Home Network Security | 2006 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/21264PatchVendor Advisory
- http://securitytracker.com/id?1016614
- http://ts.mcafeehelp.com/faq3.asp?docid=407052
- http://www.eeye.com/html/research/advisories/AD2006807.html
- http://www.eeye.com/html/research/upcoming/20060719.html
- http://www.kb.cert.org/vuls/id/481212US Government Resource
- http://www.osvdb.org/27698
- http://www.securityfocus.com/archive/1/442495/100/100/threaded
- http://www.securityfocus.com/bid/19265Patch
- http://www.vupen.com/english/advisories/2006/3096Vendor Advisory
- http://secunia.com/advisories/21264PatchVendor Advisory
- http://securitytracker.com/id?1016614
- http://ts.mcafeehelp.com/faq3.asp?docid=407052
- http://www.eeye.com/html/research/advisories/AD2006807.html
- http://www.eeye.com/html/research/upcoming/20060719.html
FAQ
What is CVE-2006-3961?
CVE-2006-3961 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy...
How severe is CVE-2006-3961?
CVE-2006-3961 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3961?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Antispyware, Mcafee Internet Security Suite, Mcafee Personal Firewall Plus, Mcafee Privacy Service, Mcafee Quickclean.