CVE-2006-6707

NeoTrace Express <3.25 - RCE

Title source: llm

Description

Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16538

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by nitr0us · htmlremotewindows

https://www.exploit-db.com/exploits/4158

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/mcafeevisualtrace_tracetarget.rb

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/23463

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21697

Scores

EPSS 0.7593

EPSS Percentile 98.9%

Details

Status published

Products (2)

mcafee/neotrace 3.25 (2 CPE variants)

mcafee/visual_trace 3.25

Published Dec 23, 2006

Tracked Since Feb 18, 2026