CVE-2006-6490

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478", "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", "tags": [], "refsource": "IDEFENSE"}, {"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", "name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/441785", "name": "VU#441785", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/22564", "name": "22564", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1017688", "name": "1017688", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1017689", "name": "1017689", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1017690", "name": "1017690", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securitytracker.com/id?1017691", "name": "1017691", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/24246", "name": "24246", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/24251", "name": "24251", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/33481", "name": "33481", "tags": [], "refsource": "OSVDB"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html", "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://osvdb.org/33482", "name": "33482", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0703", "name": "ADV-2007-0703", "tags": [], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2007/0704", "name": "ADV-2007-0704", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636", "name": "supportsoft-activex-multiple-bo(32636)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded", "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6490", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2007-02-22T21:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:48Z"}