{"api_version":"1","generated_at":"2026-04-23T11:33:16+00:00","cve":"CVE-2006-6490","urls":{"html":"https://cve.report/CVE-2006-6490","api":"https://cve.report/api/cve/CVE-2006-6490.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-6490","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-6490"},"summary":{"title":"CVE-2006-6490","description":"Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.","state":"PUBLISHED","assigner":"certcc","published_at":"2007-02-22 21:28:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://secunia.com/advisories/24246","name":"http://secunia.com/advisories/24246","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Multiple Products SupportSoft ActiveX Controls Buffer Overflow - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017689","name":"http://www.securitytracker.com/id?1017689","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Norton System Works Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/22564","name":"http://www.securityfocus.com/bid/22564","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SupportSoft ActiveX Controls Remote Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.kb.cert.org/vuls/id/441785","name":"http://www.kb.cert.org/vuls/id/441785","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"VU#441785 - SupportSoft ActiveX controls contain multiple buffer overflows","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0704","name":"http://www.vupen.com/english/advisories/2007/0704","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017688","name":"http://www.securitytracker.com/id?1017688","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Automated Support Assistant Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/33482","name":"http://osvdb.org/33482","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id?1017691","name":"http://www.securitytracker.com/id?1017691","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Norton Internet Security Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/0703","name":"http://www.vupen.com/english/advisories/2007/0703","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html","name":"http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://osvdb.org/33481","name":"http://osvdb.org/33481","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://secunia.com/advisories/24251","name":"http://secunia.com/advisories/24251","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SupportSoft ActiveX Controls Buffer Overflow Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32636","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32636","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/461147/100/0/threaded","name":"http://www.securityfocus.com/archive/1/461147/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.symantec.com/avcenter/security/Content/2007.02.22.html","name":"http://www.symantec.com/avcenter/security/Content/2007.02.22.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support Assistant","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1017690","name":"http://www.securitytracker.com/id?1017690","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Norton AntiVirus Stack Overflow in 3rd Party ActiveX Controls Lets Remote Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-6490","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-6490","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"6490","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"supportsoft","cpe5":"scriptrunner","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6490","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"supportsoft","cpe5":"smartissue","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6490","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"automated_support_assistant","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6490","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_antivirus","cpe6":"2006","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6490","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_internet_security","cpe6":"2006","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"6490","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"norton_system_works","cpe6":"2006","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T20:26:46.567Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"},{"name":"VU#441785","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/441785"},{"name":"ADV-2007-0704","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0704"},{"name":"20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/461147/100/0/threaded"},{"name":"1017688","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017688"},{"name":"ADV-2007-0703","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/0703"},{"name":"1017691","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017691"},{"name":"33482","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/33482"},{"name":"24251","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24251"},{"name":"22564","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/22564"},{"name":"1017689","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017689"},{"name":"1017690","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1017690"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/avcenter/security/Content/2007.02.22.html"},{"name":"supportsoft-activex-multiple-bo(32636)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"},{"name":"33481","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/33481"},{"name":"24246","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/24246"},{"name":"20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-02-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-17T20:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"},{"name":"VU#441785","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/441785"},{"name":"ADV-2007-0704","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0704"},{"name":"20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/461147/100/0/threaded"},{"name":"1017688","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017688"},{"name":"ADV-2007-0703","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/0703"},{"name":"1017691","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017691"},{"name":"33482","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/33482"},{"name":"24251","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24251"},{"name":"22564","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/22564"},{"name":"1017689","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017689"},{"name":"1017690","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1017690"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/avcenter/security/Content/2007.02.22.html"},{"name":"supportsoft-activex-multiple-bo(32636)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"},{"name":"33481","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/33481"},{"name":"24246","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/24246"},{"name":"20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2006-6490","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support","refsource":"BUGTRAQ","url":"http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"},{"name":"VU#441785","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/441785"},{"name":"ADV-2007-0704","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0704"},{"name":"20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/461147/100/0/threaded"},{"name":"1017688","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017688"},{"name":"ADV-2007-0703","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/0703"},{"name":"1017691","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017691"},{"name":"33482","refsource":"OSVDB","url":"http://osvdb.org/33482"},{"name":"24251","refsource":"SECUNIA","url":"http://secunia.com/advisories/24251"},{"name":"22564","refsource":"BID","url":"http://www.securityfocus.com/bid/22564"},{"name":"1017689","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017689"},{"name":"1017690","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1017690"},{"name":"http://www.symantec.com/avcenter/security/Content/2007.02.22.html","refsource":"CONFIRM","url":"http://www.symantec.com/avcenter/security/Content/2007.02.22.html"},{"name":"supportsoft-activex-multiple-bo(32636)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"},{"name":"33481","refsource":"OSVDB","url":"http://osvdb.org/33481"},{"name":"24246","refsource":"SECUNIA","url":"http://secunia.com/advisories/24246"},{"name":"20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2006-6490","datePublished":"2007-02-22T21:00:00.000Z","dateReserved":"2006-12-12T00:00:00.000Z","dateUpdated":"2024-08-07T20:26:46.567Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-02-22 21:28:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*","matchCriteriaId":"98D33388-F9B0-4901-AB69-D68BB3856336"},{"vulnerable":true,"criteria":"cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*","matchCriteriaId":"81D23C4B-6BD4-4355-8F5E-793EBFB6C19A"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*","matchCriteriaId":"F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*","matchCriteriaId":"44843812-35FC-4378-B239-EEC74A0C8A39"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*","matchCriteriaId":"C1CC64B1-772C-42A9-9B0A-08CA92DC87E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*","matchCriteriaId":"05EB078C-2538-4961-ABFF-6C4601C3977F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"6490","Ordinal":"1","Title":"CVE-2006-6490","CVE":"CVE-2006-6490","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"6490","Ordinal":"1","NoteData":"Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.","Type":"Description","Title":"CVE-2006-6490"},{"CveYear":"2006","CveId":"6490","Ordinal":"2","NoteData":"2007-02-22","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"6490","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}