exploitDog

CVE-2006-3423

Опубликовано: 07 июл. 2006

Источник: nvd

CVSS2: 9.3

EPSS Средний

Описание

WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:webex_communications:downloader_activexcontrol:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:webex_communications:downloader_java:2.0.0.9:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13082

Средний

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-p7vw-qcv8-v2m6

github

почти 4 года назад

WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.

EPSS

Процентиль: 94%

0.13082

Средний

9.3 Critical

CVSS2

Дефекты

CWE-20