{"api_version":"1","generated_at":"2026-04-23T14:43:40+00:00","cve":"CVE-2006-6488","urls":{"html":"https://cve.report/CVE-2006-6488","api":"https://cve.report/api/cve/CVE-2006-6488.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-6488","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-6488"},"summary":{"title":"CVE-2006-6488","description":"Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.","state":"PUBLISHED","assigner":"certcc","published_at":"2006-12-31 05:00:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31228","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31228","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21849","name":"http://www.securityfocus.com/bid/21849","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"ICONICS Dialog Wrapper Module ActiveX Control Remote Stack Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/0025","name":"http://www.vupen.com/english/advisories/2007/0025","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/23583","name":"http://secunia.com/advisories/23583","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"ICONICS Dialog Wrapper Module ActiveX Control Buffer Overflow - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/251969","name":"http://www.kb.cert.org/vuls/id/251969","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"VU#251969 - ICONICS Dialog Wrapper Module ActiveX control vulnerable to buffer overflow","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/32552","name":"http://osvdb.org/32552","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-6488","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-6488","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"6488","vulnerable":"1","versionEndIncluding":"8.4.165.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"iconics","cpe5":"dialog_wrapper_module_activex_control","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T20:26:46.520Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"21849","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/21849"},{"name":"VU#251969","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/251969"},{"name":"32552","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/32552"},{"name":"dialogwrapper-activex-bo(31228)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31228"},{"name":"23583","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/23583"},{"name":"ADV-2007-0025","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0025"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-01-02T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"21849","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/21849"},{"name":"VU#251969","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/251969"},{"name":"32552","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/32552"},{"name":"dialogwrapper-activex-bo(31228)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31228"},{"name":"23583","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/23583"},{"name":"ADV-2007-0025","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0025"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2006-6488","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"21849","refsource":"BID","url":"http://www.securityfocus.com/bid/21849"},{"name":"VU#251969","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/251969"},{"name":"32552","refsource":"OSVDB","url":"http://osvdb.org/32552"},{"name":"dialogwrapper-activex-bo(31228)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31228"},{"name":"23583","refsource":"SECUNIA","url":"http://secunia.com/advisories/23583"},{"name":"ADV-2007-0025","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0025"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2006-6488","datePublished":"2007-01-03T20:00:00.000Z","dateReserved":"2006-12-12T00:00:00.000Z","dateUpdated":"2024-08-07T20:26:46.520Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-12-31 05:00:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:iconics:dialog_wrapper_module_activex_control:*:*:*:*:*:*:*:*","versionEndIncluding":"8.4.165.0","matchCriteriaId":"87AF3515-F674-4EA3-82E8-91ECE2DAA80F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"6488","Ordinal":"1","Title":"CVE-2006-6488","CVE":"CVE-2006-6488","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"6488","Ordinal":"1","NoteData":"Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.","Type":"Description","Title":"CVE-2006-6488"},{"CveYear":"2006","CveId":"6488","Ordinal":"2","NoteData":"2007-01-03","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"6488","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}