CVE-2006-1900

W3C Amaya 9.4 - Buffer Overflow via Long Attribute Values

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-1900. PoCs published by Thomas Waldegger.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in W3C Amaya 9.4, but does not include functional exploit code. It references a SecurityFocus BID and outlines the vulnerability's impact.

Description

Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."

Exploits (2)

exploitdb WRITEUP VERIFIED
by Thomas Waldegger · textdosmultiple
https://www.exploit-db.com/exploits/27639

The provided text describes a buffer overflow vulnerability in W3C Amaya 9.4, but does not include functional exploit code. It references a SecurityFocus BID and outlines the vulnerability's impact.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: W3C Amaya 9.4
No auth needed
Prerequisites: Vulnerable version of W3C Amaya
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Thomas Waldegger · textdosmultiple
https://www.exploit-db.com/exploits/27640

The provided text is a vulnerability writeup for CVE-2006-1900, describing multiple remote buffer-overflow vulnerabilities in W3C Amaya version 9.4. It lacks exploit code but details the issue and potential impact.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: W3C Amaya 9.4
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1351
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430877/100/0/threaded
Exploit, Vendor Advisory x_refsource_misc
http://morph3us.org/advisories/20060412-amaya-94.txt
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19670
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17507
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/24624
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25791
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430879/100/0/threaded
Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/24623
Exploit, Vendor Advisory x_refsource_misc
http://morph3us.org/advisories/20060412-amaya-94-2.txt

Scores

EPSS 0.1655
EPSS Percentile 96.6%

Details

Status published
Products (1)
w3c/amaya 9.4
Published Apr 20, 2006
Tracked Since Feb 18, 2026