CVE-2006-6490
Summary
| CVE | CVE-2006-6490 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-02-22 21:28:00 UTC |
| Updated | 2018-10-17 21:48:00 UTC |
| Description | Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Supportsoft | Scriptrunner | All | All | All | All |
| Application | Supportsoft | Scriptrunner | All | All | All | All |
| Application | Supportsoft | Smartissue | All | All | All | All |
| Application | Supportsoft | Smartissue | All | All | All | All |
| Application | Symantec | Automated Support Assistant | All | All | All | All |
| Application | Symantec | Automated Support Assistant | All | All | All | All |
| Application | Symantec | Norton Antivirus | 2006 | All | All | All |
| Application | Symantec | Norton Antivirus | 2006 | All | All | All |
| Application | Symantec | Norton Internet Security | 2006 | All | All | All |
| Application | Symantec | Norton Internet Security | 2006 | All | All | All |
| Application | Symantec | Norton System Works | 2006 | All | All | All |
| Application | Symantec | Norton System Works | 2006 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SupportSoft ActiveX Controls Remote Buffer Overflow Vulnerabilities | BID | www.securityfocus.com | |
| Symantec Multiple Products SupportSoft ActiveX Controls Buffer Overflow - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| 20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support | BUGTRAQ | archives.neohapsis.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| VU#441785 - SupportSoft ActiveX controls contain multiple buffer overflows | CERT-VN | www.kb.cert.org | US Government Resource |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| SupportSoft ActiveX Controls Buffer Overflow Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| 20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability | IDEFENSE | labs.idefense.com | |
| Symantec Norton AntiVirus Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 33481 | OSVDB | osvdb.org | |
| Symantec Norton System Works Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Symantec Norton Internet Security Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Symantec Automated Support Assistant Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| 33482 | OSVDB | osvdb.org | |
| Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support Assistant | CONFIRM | www.symantec.com | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.