CVE-2006-0968

Published Mar 2, 2006

Last updated 6 years ago

Overview

Description: The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ncp_network_communications:secure_client:8.11_build_146:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EAEBC12-E164-45AE-98AD-BF746BC4B425"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References