Follow @discotekdotca
CVE-2006-6490
Current Description
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
Basic Data
| Published | February 22, 2007 |
|---|---|
| Last Modified | October 17, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | LOW |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 10.0 |
| Severity | HIGH |
| Exploitability Score | 10.0 |
| Impact Score | 10.0 |
| Obtain All Privilege | true |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Supportsoft Scriptrunner * * * * * * * * � � � � 2.3 Application Supportsoft Smartissue * * * * * * * * � � � � 2.3 Application Symantec Automated Support Assistant * * * * * * * * � � � � 2.3 Application Symantec Norton Antivirus 2006 * * * * * * * � � � � 2.3 Application Symantec Norton Internet Security 2006 * * * * * * * � � � � 2.3 Application Symantec Norton System Works 2006 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Antivirus | 2006 |
| Symantec | Automated Support Assistant | * |
| Symantec | Norton Internet Security | 2006 |
| Symantec | Norton System Works | 2006 |
| Supportsoft | Scriptrunner | * |
| Supportsoft | Smartissue | * |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support | http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html | BUGTRAQ | |
| 20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478 | IDEFENSE | |
| 33481 | http://osvdb.org/33481 | OSVDB | |
| 33482 | http://osvdb.org/33482 | OSVDB | |
| 24246 | http://secunia.com/advisories/24246 | SECUNIA | |
| 24251 | http://secunia.com/advisories/24251 | SECUNIA | |
| VU#441785 | http://www.kb.cert.org/vuls/id/441785 | CERT-VN | US Government Resource |
| 20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support | http://www.securityfocus.com/archive/1/461147/100/0/threaded | BUGTRAQ | |
| 22564 | http://www.securityfocus.com/bid/22564 | BID | |
| 1017688 | http://www.securitytracker.com/id?1017688 | SECTRACK | |
| 1017689 | http://www.securitytracker.com/id?1017689 | SECTRACK | |
| 1017690 | http://www.securitytracker.com/id?1017690 | SECTRACK | |
| 1017691 | http://www.securitytracker.com/id?1017691 | SECTRACK | |
| http://www.symantec.com/avcenter/security/Content/2007.02.22.html | http://www.symantec.com/avcenter/security/Content/2007.02.22.html | CONFIRM | Patch |
| ADV-2007-0703 | http://www.vupen.com/english/advisories/2007/0703 | VUPEN | |
| ADV-2007-0704 | http://www.vupen.com/english/advisories/2007/0704 | VUPEN | |
| supportsoft-activex-multiple-bo(32636) | https://exchange.xforce.ibmcloud.com/vulnerabilities/32636 | XF |