Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
osvdb.org/33481
osvdb.org/33482
secunia.com/advisories/24246
secunia.com/advisories/24251
www.kb.cert.org/vuls/id/441785
www.securityfocus.com/archive/1/461147/100/0/threaded
www.securityfocus.com/bid/22564
www.securitytracker.com/id?1017688
www.securitytracker.com/id?1017689
www.securitytracker.com/id?1017690
www.securitytracker.com/id?1017691
www.symantec.com/avcenter/security/Content/2007.02.22.html
www.vupen.com/english/advisories/2007/0703
www.vupen.com/english/advisories/2007/0704
exchange.xforce.ibmcloud.com/vulnerabilities/32636