CVE-2006-3961

Mcafee Antispyware - Memory Corruption

Title source: rule

Description

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16510

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by skape · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb

View Code ZIP pw:eip

References (10)

[Patch, Vendor Advisory] http://secunia.com/advisories/21264

[Various Sources] http://ts.mcafeehelp.com/faq3.asp?docid=407052

[Various Sources] http://www.eeye.com/html/research/advisories/AD2006807.html

[Various Sources] http://www.eeye.com/html/research/upcoming/20060719.html

[US Government Resource] http://www.kb.cert.org/vuls/id/481212

[Patch] http://www.securityfocus.com/bid/19265

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/3096

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/442495/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.osvdb.org/27698

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016614

Scores

EPSS 0.7149

EPSS Percentile 98.7%

Details

CWE

CWE-119

Status published

Products (25)

mcafee/antispyware 2005

mcafee/antispyware 2006

mcafee/internet_security_suite 2004

mcafee/internet_security_suite 2005

mcafee/internet_security_suite 2006

mcafee/personal_firewall_plus 2004

mcafee/personal_firewall_plus 2005

mcafee/personal_firewall_plus 2006

mcafee/privacy_service 2004

mcafee/privacy_service 2005

... and 15 more

Published Aug 01, 2006

Tracked Since Feb 18, 2026