Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.
References
| Link | Resource |
|---|---|
| http://secunia.com/advisories/21867 | Vendor Advisory |
| http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/19955 | |
| http://www.vupen.com/english/advisories/2006/3608 | |
| http://secunia.com/advisories/21867 | Vendor Advisory |
| http://www.netragard.com/pdfs/research/ROXIO_RACE_NETRAGARD-20060624.txt | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/19955 | |
| http://www.vupen.com/english/advisories/2006/3608 |
Configurations
History
No history.
Information
Published : 2006-09-14 22:07
Updated : 2025-04-03 01:03
NVD link : CVE-2006-4801
Mitre link : CVE-2006-4801
CVE.ORG link : CVE-2006-4801
JSON object : View
Products Affected
roxio
- toast
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')