Vulnerabilities > CVE-2006-2273 - Remote Buffer Overflow vulnerability in Verisign i-Nav ActiveX Control

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

verisign

critical

nessus

NVD

Published: 2006-05-12

Updated: 2018-10-18

Summary

The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.

Vulnerable Configurations

Part	Description	Count
Application	Verisign Verisign I NAV *	1

Nessus

NASL family	Windows
NASL id	VUPDATER_INSTALL_ACTIVEX_OVERFLOW.NASL
description	The remote host contains an ActiveX control,
last seen	2020-06-01
modified	2020-06-02
plugin id	21336
published	2006-05-11
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21336
title	I-Nav VUpdater.Install ActiveX Buffer Overflow

Summary

Vulnerable Configurations

Nessus

References