Vulnerabilities > CVE-2006-6707 - Remote Buffer Overflow vulnerability in Mcafee Neotrace and Visual Trace

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

mcafee

exploit available

metasploit

NVD

Published: 2006-12-23

Updated: 2008-09-05

Summary

Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Neotrace 3.25 Mcafee Visual Trace 3.25	3

Exploit-Db

description	McAfee Visual Trace ActiveX Control Buffer Overflow. CVE-2006-6707. Remote exploit for windows platform
id	EDB-ID:16538
last seen	2016-02-02
modified	2010-09-20
published	2010-09-20
reporter	metasploit
source	https://www.exploit-db.com/download/16538/
title	McAfee Visual Trace ActiveX Control Buffer Overflow

Metasploit

description	This module exploits a stack buffer overflow in the McAfee Visual Trace 3.25 ActiveX Control (NeoTraceExplorer.dll 1.0.0.1). By sending an overly long string to the "TraceTarget()" method, an attacker may be able to execute arbitrary code.
id	MSF:EXPLOIT/WINDOWS/BROWSER/MCAFEEVISUALTRACE_TRACETARGET
last seen	2020-06-13
modified	2017-09-09
published	2007-07-08
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6707 http://secunia.com/advisories/23463
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb
title	McAfee Visual Trace ActiveX Control Buffer Overflow

Packetstorm

data source	https://packetstormsecurity.com/files/download/83111/mcafeevisualtrace_tracetarget.rb.txt
id	PACKETSTORM:83111
last seen	2016-12-05
published	2009-11-26
reporter	MC
source	https://packetstormsecurity.com/files/83111/McAfee-Visual-Trace-ActiveX-Control-Buffer-Overflow.html
title	McAfee Visual Trace ActiveX Control Buffer Overflow

Summary

Vulnerable Configurations

Exploit-Db

Metasploit

Packetstorm

References