Vulnerability Report

CVE-2006-4842

Title: Netscape Portable Runtime Api Improper Input Validation

Input Validation Error

Proof Of Concept

PoC Available for CVE-2006-4842

CWE Category CWE-20

Published Date Oct 12, 2006

Modified Date Apr 23, 2026

Exploit Status Available

Score 3.6 CVSS v2.0

Exploit Probability (EPSS)

11.38%

Vulnerability Summary

CVE-2006-4842: The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.

Impacted Vendors

netscape 1

Reference Links

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418 http://secunia.com/advisories/22348 http://securitytracker.com/id?1017050 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1 http://www.securityfocus.com/archive/1/448691/100/0/threaded http://www.securityfocus.com/bid/20471 http://www.vupen.com/english/advisories/2006/4016 https://exchange.xforce.ibmcloud.com/vulnerabilities/29489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819 https://www.exploit-db.com/exploits/45433/ http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=418 http://secunia.com/advisories/22348 http://securitytracker.com/id?1017050 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102658-1 http://www.securityfocus.com/archive/1/448691/100/0/threaded http://www.securityfocus.com/bid/20471 http://www.vupen.com/english/advisories/2006/4016 https://exchange.xforce.ibmcloud.com/vulnerabilities/29489 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1819 https://www.exploit-db.com/exploits/45433/

CVSS v2.0

Source Entity [email protected]

Severity LOW

3.6

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:L/AC:L/Au:N/C:N/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2006-4842 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/45433

View Code

Exploit-DB https://www.exploit-db.com/exploits/2641

View Code

Exploit-DB https://www.exploit-db.com/exploits/2543

View Code

Exploit-DB https://www.exploit-db.com/exploits/2569

View Code

Exploit-DB https://www.exploit-db.com/exploits/28788

View Code

Exploit-DB https://www.exploit-db.com/exploits/28789

View Code

April 23, 2026 MODIFIED

Vulnerability data updated via NVD.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

October 12, 2006 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:L/AC:L/Au:N/C:N/I:P/A:P

Affected Stack

No specific products linked.