Vulnerabilities > CVE-2006-3893 - Buffer Overflow vulnerability in Newtone ImageKit ActiveX

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

casio

newtone

critical

NVD

Published: 2006-12-04

Updated: 2017-07-20

Summary

Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document. This vulnerability is addressed in the following product releases: Newtone, ImageKit, 5 Fix 30 Newtone, ImageKit, 6 Fix 41 Casio, Photo Loader, 3.01

Vulnerable Configurations

Part	Description	Count
Application	Casio Casio Photo Loader 3.00	1
Application	Newtone Newtone Imagekit 5_Fix_29 Newtone Imagekit 6_Fix_40	2

References

http://secunia.com/advisories/23286
http://www.kb.cert.org/vuls/id/210697
http://www.securityfocus.com/bid/21375
http://www.vupen.com/english/advisories/2006/4794
http://www.vupen.com/english/advisories/2006/4795
https://exchange.xforce.ibmcloud.com/vulnerabilities/30680