CVE-2006-6490

Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
http://www.symantec.com/avcenter/security/Content/2007.02.22.html	Patch
http://www.kb.cert.org/vuls/id/441785	US Government Resource
http://www.securityfocus.com/bid/22564
http://www.securitytracker.com/id?1017688
http://www.securitytracker.com/id?1017689
http://www.securitytracker.com/id?1017690
http://www.securitytracker.com/id?1017691
http://secunia.com/advisories/24246
http://secunia.com/advisories/24251
http://osvdb.org/33481
http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
http://osvdb.org/33482
http://www.vupen.com/english/advisories/2007/0703
http://www.vupen.com/english/advisories/2007/0704
https://exchange.xforce.ibmcloud.com/vulnerabilities/32636
http://www.securityfocus.com/archive/1/461147/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:automated_support_assistant::::::::
	cpe:2.3:a:symantec:norton_antivirus:2006:::::::*
	cpe:2.3:a:supportsoft:scriptrunner::::::::
	cpe:2.3:a:supportsoft:smartissue::::::::
	cpe:2.3:a:symantec:norton_internet_security:2006:::::::*
	cpe:2.3:a:symantec:norton_system_works:2006:::::::*

Information

Published : 2007-02-22 13:28

Updated : 2018-10-17 14:48

NVD link : CVE-2006-6490

Mitre link : CVE-2006-6490

JSON object : View

CWE

NVD-CWE-Other

Products Affected

symantec

automated_support_assistant
norton_internet_security
norton_system_works
norton_antivirus

supportsoft

scriptrunner
smartissue

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478", "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", "name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/441785", "name": "VU#441785", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/22564", "name": "22564", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1017688", "name": "1017688", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1017689", "name": "1017689", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1017690", "name": "1017690", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1017691", "name": "1017691", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/24246", "name": "24246", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24251", "name": "24251", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/33481", "name": "33481", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html", "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://osvdb.org/33482", "name": "33482", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0703", "name": "ADV-2007-0703", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/0704", "name": "ADV-2007-0704", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636", "name": "supportsoft-activex-multiple-bo(32636)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded", "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6490", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-02-22T21:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:48Z"}

10.0 /10