CVE-2006-6490

Current Description

Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allow remote attackers to execute arbitrary code via a crafted HTML message.

Basic Data

Published: February 22, 2007
Last Modified: October 17, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
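    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Supportsoft | Scriptrunner | * | * | * | * | * | * | * | * | | | |
    2.3 | Application | Supportsoft | Smartissue | * | * | * | * | * | * | * | * | | | |
    2.3 | Application | Symantec | Automated Support Assistant | * | * | * | * | * | * | * | * | | | |
    2.3 | Application | Symantec | Norton Antivirus | 2006 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Symantec | Norton Internet Security | 2006 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Symantec | Norton System Works | 2006 | * | * | * | * | * | * | * | | | |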

Vulnerable Software List

Vendor | Product | Versions
Symantec | Norton Antivirus | 2006
Symantec | Automated Support Assistant | *
Symantec | Norton Internet Security | 2006
Symantec | Norton System Works | 2006
Supportsoft | Scriptrunner | *
Supportsoft | Smartissue | *

References

Name | Source | URL | Tags
20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support | BUGTRAQ | http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html |
20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability | IDEFENSE | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478 |
33481 | OSVDB | http://osvdb.org/33481 |
33482 | OSVDB | http://osvdb.org/33482 |
24246 | SECUNIA | http://secunia.com/advisories/24246 |
24251 | SECUNIA | http://secunia.com/advisories/24251 |
VU#441785 | CERT-VN | http://www.kb.cert.org/vuls/id/441785 | US Government Resource
20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support | BUGTRAQ | http://www.securityfocus.com/archive/1/461147/100/0/threaded |
22564 | BID | http://www.securityfocus.com/bid/22564 |
1017688 | SECTRACK | http://www.securitytracker.com/id?1017688 |
1017689 | SECTRACK | http://www.securitytracker.com/id?1017689 |
1017690 | SECTRACK | http://www.securitytracker.com/id?1017690 |
1017691 | SECTRACK | http://www.securitytracker.com/id?1017691 |
http://www.symantec.com/avcenter/security/Content/2007.02.22.html | CONFIRM | http://www.symantec.com/avcenter/security/Content/2007.02.22.html | PATCH
ADV-2007-0703 | VUPEN | http://www.vupen.com/english/advisories/2007/0703 |
ADV-2007-0704 | VUPEN | http://www.vupen.com/english/advisories/2007/0704 |
supportsoft-activex-multiple-bo(32636) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/32636 |