Vulnerabilities > CVE-2006-2086 - Remote Buffer Overflow vulnerability in Juniper SSL-VPN Client ActiveX Control
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow. CVE-2006-2086. Remote exploit for windows platform |
| id | EDB-ID:16568 |
| last seen | 2016-02-02 |
| modified | 2010-05-09 |
| published | 2010-05-09 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16568/ |
| title | Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow |
Metasploit
| description | This module exploits a stack buffer overflow in the JuniperSetupDLL.dll library which is called by the JuniperSetup.ocx ActiveX control, as part of the Juniper SSL-VPN (IVE) appliance. By specifying an overly long string to the ProductName object parameter, the stack is overwritten. |
| id | MSF:EXPLOIT/WINDOWS/BROWSER/JUNIPER_SSLVPN_IVE_SETUPDLL |
| last seen | 2020-06-13 |
| modified | 2017-11-08 |
| published | 2009-07-30 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/juniper_sslvpn_ive_setupdll.rb |
| title | Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/83003/juniper_sslvpn_ive_setupdll.rb.txt |
| id | PACKETSTORM:83003 |
| last seen | 2016-12-05 |
| published | 2009-11-26 |
| reporter | patrick |
| source | https://packetstormsecurity.com/files/83003/Juniper-SSL-VPN-IVE-JuniperSetupDLL.dll-ActiveX-Control-Buffer-Overflow.html |
| title | Juniper SSL-VPN IVE JuniperSetupDLL.dll ActiveX Control Buffer Overflow |
References
- http://secunia.com/advisories/19842
- http://securityreason.com/securityalert/819
- http://securitytracker.com/id?1016000
- http://www.eeye.com/html/research/advisories/AD20060424.html
- http://www.juniper.net/support/security/alerts/PSN-2006-03-013.txt
- http://www.kb.cert.org/vuls/id/477604
- http://www.osvdb.org/25001
- http://www.securityfocus.com/archive/1/432155/100/0/threaded
- http://www.securityfocus.com/bid/17712
- http://www.vupen.com/english/advisories/2006/1543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26077