CVE-2006-2233 - OpenCVE

Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Banktown	Btcxctl20com Activex Control

Configuration 1 [-]

OR	cpe:2.3:a:banktown:btcxctl20com_activex_control:1.4.2.51817:::::::*
	cpe:2.3:a:banktown:btcxctl20com_activex_control:1.5.2.50209:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html	Exploit
http://secunia.com/advisories/19942	Vendor Advisory
http://securityreason.com/securityalert/855
http://www.osvdb.org/25212
http://www.securityfocus.com/archive/1/432862/100/0/threaded
http://www.securityfocus.com/archive/1/433242/100/0/threaded
http://www.securityfocus.com/bid/17815	Exploit
http://www.vupen.com/english/advisories/2006/1638
https://exchange.xforce.ibmcloud.com/vulnerabilities/26214

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-05-05T19:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-05-05T00:00:00

Link: CVE-2006-2233

JSON object: View

NVD Information

Status : Modified

Published: 2006-05-05T19:02:00.000

Modified: 2018-10-18T16:38:47.727

Link: CVE-2006-2233

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-03T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19942", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19942"}, {"name": "855", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/855"}, {"name": "17815", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17815"}, {"name": "ADV-2006-1638", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1638"}, {"name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/432862/100/0/threaded"}, {"name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html"}, {"name": "20060508 Re: BankTown's ActiveX Buffer Overflow Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/433242/100/0/threaded"}, {"name": "25212", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/25212"}, {"name": "banktown-setbannerurl-bo(26214)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-2233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19942", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19942"}, {"name": "855", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/855"}, {"name": "17815", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17815"}, {"name": "ADV-2006-1638", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1638"}, {"name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/432862/100/0/threaded"}, {"name": "20060503 BankTown's ActiveX Buffer Overflow Vulnerability", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html"}, {"name": "20060508 Re: BankTown's ActiveX Buffer Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/433242/100/0/threaded"}, {"name": "25212", "refsource": "OSVDB", "url": "http://www.osvdb.org/25212"}, {"name": "banktown-setbannerurl-bo(26214)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-2233", "datePublished": "2006-05-05T19:00:00", "dateReserved": "2006-05-05T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:banktown:btcxctl20com_activex_control:1.4.2.51817:*:*:*:*:*:*:*", "matchCriteriaId": "D448C299-8CAD-41F6-B9C4-FE401899B020", "vulnerable": true}, {"criteria": "cpe:2.3:a:banktown:btcxctl20com_activex_control:1.5.2.50209:*:*:*:*:*:*:*", "matchCriteriaId": "B943417A-AD6F-4B3E-8A55-A102DA3F39C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information."}], "id": "CVE-2006-2233", "lastModified": "2018-10-18T16:38:47.727", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-05-05T19:02:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0037.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19942"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/855"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/25212"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/432862/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/433242/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/17815"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/1638"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26214"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}