CVE-2006-6490
7.4 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.079 Low
EPSS
Percentile
94.2%
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
References
archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
osvdb.org/33481
osvdb.org/33482
secunia.com/advisories/24246
secunia.com/advisories/24251
www.kb.cert.org/vuls/id/441785
www.securityfocus.com/archive/1/461147/100/0/threaded
www.securityfocus.com/bid/22564
www.securitytracker.com/id?1017688
www.securitytracker.com/id?1017689
www.securitytracker.com/id?1017690
www.securitytracker.com/id?1017691
www.symantec.com/avcenter/security/Content/2007.02.22.html
www.vupen.com/english/advisories/2007/0703
www.vupen.com/english/advisories/2007/0704
exchange.xforce.ibmcloud.com/vulnerabilities/32636
Related
7.4 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.079 Low
EPSS
Percentile
94.2%