Vulnerabilities > CVE-2006-5278 - Heap Buffer Overflow vulnerability in Cisco products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Vulnerable Configurations
References
- http://secunia.com/advisories/26043
- http://securitytracker.com/id?1018369
- http://www.cisco.com/warp/public/707/cisco-sa-20070711-cucm.shtml
- http://www.iss.net/threats/271.html
- http://www.osvdb.org/36121
- http://www.securityfocus.com/bid/24868
- http://www.vupen.com/english/advisories/2007/2512
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19057