Vulnerability Details : CVE-2006-4133
Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2006-4133
- cpe:2.3:a:sap:internet_graphics_server:6.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:7.00_patch_3:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:6.40_patch_11:*:*:*:*:*:*:*
- cpe:2.3:a:sap:internet_graphics_server:6.40_patch_15:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-4133
28.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-4133
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2006-4133
-
http://securitytracker.com/id?1017534
-
http://www.kb.cert.org/vuls/id/259540
US Government Resource
-
http://securityreason.com/securityalert/1386
-
http://www.securityfocus.com/archive/1/442840/100/0/threaded
-
http://www.vupen.com/english/advisories/2006/3267
-
http://www.securityfocus.com/archive/1/457286/100/0/threaded
-
http://www.cybsec.com/vuln/CYBSEC-Security_Pre-Advisory_SAP_IGS_Remote_Buffer_Overflow.pdf
-
http://securitytracker.com/id?1016675
-
http://www.securityfocus.com/archive/1/472889/100/0/threaded
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/28334
-
http://www.securityfocus.com/bid/19470
Jump to