Vulnerability Details : CVE-2006-4801

Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

Vulnerability category: Execute code

Published 2006-09-14 22:07:00

Updated 2011-03-08 02:42:06

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2006-4801

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2006-4801

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.2	MEDIUM	AV:L/AC:H/Au:N/C:C/I:C/A:C	1.9	10.0	nvd@nist.gov
Access Vector: Local Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2006-4801

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-4801

http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt

Exploit;Vendor Advisory
http://www.vupen.com/english/advisories/2006/3608
http://www.securityfocus.com/bid/19955

Products affected by CVE-2006-4801

Roxio » Toast » Version: 7 Titanium Edition
cpe:2.3:a:roxio:toast:7:*:titanium:*:*:*:*:*
Matching versions