OpenCVE

Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vmware	Workstation

Configuration 1 [-]

cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/2008
http://www.open-security.org/advisories/17
http://www.securityfocus.com/archive/1/452746/100/100/threaded
http://www.securityfocus.com/archive/1/452775/100/100/threaded
http://www.securityfocus.com/bid/19732
https://www.exploit-db.com/exploits/2264

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-10T02:00:00

Updated: 2024-08-07T20:26:46.060Z

Reserved: 2006-12-09T00:00:00

Link: CVE-2006-6410

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-10T02:28:00.000

Modified: 2024-11-21T00:22:37.283

Link: CVE-2006-6410

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-27T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.open-security.org/advisories/17"}, {"name": "20061127 Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452775/100/100/threaded"}, {"name": "2264", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2264"}, {"name": "19732", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19732"}, {"name": "2008", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2008"}, {"name": "20061126 VMware 5.5.1 Local Buffer Overflow (HTML Exploit)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452746/100/100/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6410", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.open-security.org/advisories/17", "refsource": "MISC", "url": "http://www.open-security.org/advisories/17"}, {"name": "20061127 Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452775/100/100/threaded"}, {"name": "2264", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2264"}, {"name": "19732", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19732"}, {"name": "2008", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2008"}, {"name": "20061126 VMware 5.5.1 Local Buffer Overflow (HTML Exploit)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452746/100/100/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.060Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.open-security.org/advisories/17"}, {"name": "20061127 Re: VMware 5.5.1 Local Buffer Overflow (HTML Exploit)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452775/100/100/threaded"}, {"name": "2264", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2264"}, {"name": "19732", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19732"}, {"name": "2008", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2008"}, {"name": "20061126 VMware 5.5.1 Local Buffer Overflow (HTML Exploit)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452746/100/100/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6410", "datePublished": "2006-12-10T02:00:00", "dateReserved": "2006-12-09T00:00:00", "dateUpdated": "2024-08-07T20:26:46.060Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "294B621F-6C1A-4571-AE13-49495680D255", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local users to execute arbitrary code via a long VmdbDb parameter to the Initialize function."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en un control ActiveX en VMWare 5.5.1 permite a atacantes locales ejecutar c\u00f3digo de su elecci\u00f3n mediante un par\u00e1metro largo VmdbDb en la funci\u00f3n Initialize."}], "id": "CVE-2006-6410", "lastModified": "2024-11-21T00:22:37.283", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-10T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2008"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.open-security.org/advisories/17"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452746/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452775/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19732"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2008"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.open-security.org/advisories/17"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452746/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/452775/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19732"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2264"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}