CVE-2006-3961

McAfee Security Center 6.0.23 - Buffer Overflow via mcsubmgr.dll Long String Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-3961. PoCs published by Metasploit, skape, including Metasploit module exploits/windows/browser/mcafee_mcsubmgr_vsprintf.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in the McAfee Subscription Manager ActiveX control via an unsafe use of vsprintf. It delivers a payload through a malicious HTML page, triggering the vulnerability in the IsAppExpired method.

Description

Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16510

This exploit targets a stack buffer overflow in the McAfee Subscription Manager ActiveX control via an unsafe use of vsprintf. It delivers a payload through a malicious HTML page, triggering the vulnerability in the IsAppExpired method.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: McAfee Subscription Manager ActiveX control
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by skape · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mcafee_mcsubmgr_vsprintf.rb

This Metasploit module exploits a stack buffer overflow in McAfee Subscription Manager's ActiveX control via an unsafe vsprintf usage. It triggers the vulnerability by passing a large string to the IsAppExpired method, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: McAfee Subscription Manager ActiveX control
No auth needed
Prerequisites: Victim must visit a malicious web page hosting the exploit · ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (10)

Core 10
Core References
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19265
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1016614
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/442495/100/100/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/27698
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3096
Various Sources x_refsource_confirm
http://ts.mcafeehelp.com/faq3.asp?docid=407052
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21264
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/481212

Scores

EPSS 0.7149
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (25)
mcafee/antispyware 2005
mcafee/antispyware 2006
mcafee/internet_security_suite 2004
mcafee/internet_security_suite 2005
mcafee/internet_security_suite 2006
mcafee/personal_firewall_plus 2004
mcafee/personal_firewall_plus 2005
mcafee/personal_firewall_plus 2006
mcafee/privacy_service 2004
mcafee/privacy_service 2005
... and 15 more
Published Aug 01, 2006
Tracked Since Feb 18, 2026