Vulnerability Name:

CVE-2006-1900 (CCN-25791)

Assigned:2006-04-14
Published:2006-04-14
Updated:2018-10-18
Summary:Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Wed Apr 12 2006 - 18:31:32 CDT
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4

Source: CCN
Type: BugTraq Mailing List, Wed Apr 12 2006 - 18:59:17 CDT
[BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2

Source: MITRE
Type: CNA
CVE-2006-1900

Source: MISC
Type: Exploit, Vendor Advisory
http://morph3us.org/advisories/20060412-amaya-94-2.txt

Source: MISC
Type: Exploit, Vendor Advisory
http://morph3us.org/advisories/20060412-amaya-94.txt

Source: CCN
Type: SA19670
Amaya Attribute Value Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
19670

Source: OSVDB
Type: Patch
24623

Source: OSVDB
Type: Patch
24624

Source: CCN
Type: OSVDB ID: 24623
Amaya textarea rows Attribute Value Overflow

Source: CCN
Type: OSVDB ID: 24624
Amaya legend color Attribute Value Overflow

Source: BUGTRAQ
Type: UNKNOWN
20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4

Source: BUGTRAQ
Type: UNKNOWN
20060412 [BuHa-Security] Stack Based Buffer Overflow Vulnerability in Amaya 9.4 #2

Source: BID
Type: Exploit
17507

Source: CCN
Type: BID-17507
W3C Amaya Multiple Remote Buffer Overflow Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-1351

Source: CCN
Type: Amaya Web page
Amaya Home Page

Source: XF
Type: UNKNOWN
amaya-various-attribute-bo(25791)

Source: XF
Type: UNKNOWN
amaya-various-attribute-bo(25791)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:w3c:amaya:9.4:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:w3c:amaya:9.4:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    w3c amaya 9.4
    w3c amaya 9.4