CVE-2006-5156

Exp

Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.

Published: 2006-10-05 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2006-5156

EPSS CVSS Exploit-DB Affected OS Tracker

Conclusion & alert: CVE-2006-5156 is rated High Exploit Risk (88.3/100): CVSS Critical severity, with high exploitation likelihood (EPSS 82.27%, 99th percentile). Core evidence: 4 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2006-5156

EDB-ID	Source	Kind	Published	Link
16783	exploit_db	edb	2010-09-20	Exploit-DB ↗
2467	exploit_db	edb	2006-10-01	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2006-5156

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-14	83.74%	82.27%	-1.47%
2	2026-04-24	82.96%	83.74%	+0.78%
3	2025-09-05	—	82.96%	—

Full EPSS history (18 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-5156

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
10.0	2.0	HIGH	`AV:N/AC:L/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	10.0	10.0	[email protected]

Weakness enumeration for CVE-2006-5156

OS Trackers for CVE-2006-5156

vendor	priority	summary	link
`alpine`	—	CVE-2006-5156: no source package rows; 0 state rows across 0 repos (none); fixed 0, open 0.	https://security.alpinelinux.org/vuln/CVE-2006-5156

Affected software / configurations for CVE-2006-5156

Vendor	Product	Version	Raw CPE
mcafee	epolicy_orchestrator	3.0	cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:::::::*
mcafee	epolicy_orchestrator	3.0	cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:sp2a::::::
mcafee	epolicy_orchestrator	3.5.0	cpe:2.3:a:mcafee:epolicy_orchestrator:3.5.0:::::::*
mcafee	protectionpilot	1.1.1	cpe:2.3:a:mcafee:protectionpilot:1.1.1:::::::*

References for CVE-2006-5156

URL	Tags
http://download.nai.com/products/patches/ePO/v3.5/EPO3506.txt	Patch
http://download.nai.com/products/patches/protectionpilot/v1.1.1/PRP1113.txt	Patch
http://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&externalId=8611438&sliceId=SAL_Public&dialogID=2997768&stateId=0%200%202995803	Patch
http://knowledge.mcafee.com/article/365/8611438_f.SAL_Public.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/049803.html
http://secunia.com/advisories/22222	Vendor Advisory
http://securitytracker.com/id?1016970
http://securitytracker.com/id?1016971
http://www.kb.cert.org/vuls/id/842452	US Government Resource
http://www.osvdb.org/29421
http://www.remote-exploit.org/advisories/mcafee-epo.pdf	Exploit
http://www.securityfocus.com/bid/20288	Exploit Patch
http://www.vupen.com/english/advisories/2006/3861
https://exchange.xforce.ibmcloud.com/vulnerabilities/29307

cvelogic Threat Intelligence