返回 CVE 浏览器

CVE-2006-1900

HIGH

7.6

CVSS Severity Score

EPSS Score0.0240%

EPSS Percentile4.16th

Published2006年4月20日

Last Modified2026年4月16日

Vulnerability Description

Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."

Affected Platforms (CPE)

📦

W3c

Amaya

= 9.4

References & Advisories

🔗 http://morph3us.org/advisories/20060412-amaya-94-2.txt

🔗 http://morph3us.org/advisories/20060412-amaya-94.txt

🔗 http://secunia.com/advisories/19670

🔗 http://www.osvdb.org/24623

🔗 http://www.osvdb.org/24624

🔗 http://www.securityfocus.com/archive/1/430877/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/430879/100/0/threaded

🔗 http://www.securityfocus.com/bid/17507

相关漏洞威胁

CVE-2009-032310.0

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via ...

CVE-2008-528210.0

Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a l...

CVE-2008-600510.0

Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 1...

CVE-2009-12099.3

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with ...