Vulnerabilities > CVE-2006-3217 - Information Disclosure vulnerability in JaguarEdit ActiveX Control

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

high complexity

jaguarsoft

NVD

Published: 2006-06-24

Updated: 2018-10-18

Summary

JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field.

Vulnerable Configurations

Part	Description	Count
Application	Jaguarsoft Jaguarsoft Jaguaredit 1.1.0.18 Jaguarsoft Jaguaredit 1.1.0.19 Jaguarsoft Jaguaredit *	3

References

http://secunia.com/advisories/20759
http://securityreason.com/securityalert/1145
http://www.securityfocus.com/archive/1/437937/100/0/threaded
http://www.securityfocus.com/bid/18576
http://www.srlabs.net/bulten/JaguarEdit_2.htm
http://www.srlabs.net/bulten/source/Jaguar.htm
http://www.vupen.com/english/advisories/2006/2489
https://exchange.xforce.ibmcloud.com/vulnerabilities/27290