Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
BID:23822
Info
Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
| Bugtraq ID: | 23822 |
| Class: | Design Error |
| CVE: |
CVE-2006-3456 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2007 12:00AM |
| Updated: | May 10 2007 02:49AM |
| Credit: | Peter Vreugdenhil working with iDefense is credited with discovering this issue. |
| Vulnerable: |
Symantec Norton SystemWorks 2006 0 Symantec Norton SystemWorks 2005 0 Symantec Norton Internet Security 2006 0 Symantec Norton Internet Security 2005 Symantec Norton AntiVirus 2006 Symantec Norton AntiVirus 2005 |
| Not Vulnerable: | |
Discussion
Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
Symantec Norton Antivirus ActiveX control is prone to a remote code-execution vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits will allow attackers to execute arbitrary code in the context of the user visiting a malicious web page. Failed exploit attempts will likely result in denial-of-service conditions.
Symantec Norton Antivirus ActiveX control is prone to a remote code-execution vulnerability.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits will allow attackers to execute arbitrary code in the context of the user visiting a malicious web page. Failed exploit attempts will likely result in denial-of-service conditions.
Exploit / POC
Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
Solution:
Symantec released an advisory and fixes to address this issue. Please see the references for more information.
Solution:
Symantec released an advisory and fixes to address this issue. Please see the references for more information.
References
Symantec Norton Antivirus NAVOPTS.DLL ActiveX Control Remote Code Execution Vulnerability
References:
References:
- Microsoft Knowledge Base Article 240797 (Microsoft)
- Symantec Homepage (Symantec)
- iDefense Security Advisory 05.09.07: Symantec Norton Internet Security 2006 COM (iDefense Labs)
- SYM07-005: Symantec COM object security bypass (Symantec)