CVE-2006-2838

Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.

Published: Jun 6, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2838
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
f-secure / f-secure_anti-virus	6.40	6.40.x
f-secure / internet_gatekeeper	6.42	6.42.x
f-secure / internet_gatekeeper	6.41	6.41.x
f-secure / internet_gatekeeper	6.4	6.4.x
f-secure / internet_gatekeeper	6.50	6.50.x

http://secunia.com/advisories/20407
http://securitytracker.com/id?1016196
http://securitytracker.com/id?1016197
http://www.f-secure.com/security/fsc-2006-3.shtml
http://www.vupen.com/english/advisories/2006/2076
https://exchange.xforce.ibmcloud.com/vulnerabilities/26799

Vulnerability Database

289,697

CVE-2006-2838