CVE-2006-3961

Critical

Description

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

References

http://www.vupen.com/english/advisories/2006/3096

http://www.securityfocus.com/bid/19265

http://www.securityfocus.com/archive/1/442495/100/100/threaded

http://www.osvdb.org/27698

http://www.kb.cert.org/vuls/id/481212

http://www.eeye.com/html/research/upcoming/20060719.html

http://www.eeye.com/html/research/advisories/AD2006807.html

http://ts.mcafeehelp.com/faq3.asp?docid=407052

http://securitytracker.com/id?1016614

http://secunia.com/advisories/21264

Details

Source: Mitre, NVD

Published: 2006-08-01

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.71488