Lucene search

PRIOn knowledge basePRION:CVE-2007-2955

HistoryAug 09, 2007 - 9:17 p.m.

Input validation

2007-08-0921:17:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.904 High

EPSS

Percentile

98.7%

JSON

Multiple unspecified “input validation error” vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.

CPENameOperatorVersion
norton_antiviruseq2006
norton_internet_securityeq2005 anti-spyware
norton_internet_securityeq2006
norton_system_workseq2006

Name	Operator	Version
norton_antivirus	eq	2006
norton_internet_security	eq	2005 anti-spyware
norton_internet_security	eq	2006
norton_system_works	eq	2006

References

secunia.com/advisories/25215

secunia.com/secunia_research/2007-53/advisory/

www.securityfocus.com/bid/24983

www.securitytracker.com/id?1018545

www.securitytracker.com/id?1018546

www.securitytracker.com/id?1018547

www.symantec.com/avcenter/security/Content/2007.08.09.html

www.vupen.com/english/advisories/2007/2822

exchange.xforce.ibmcloud.com/vulnerabilities/35944

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.904 High

EPSS

Percentile

98.7%

JSON

Related for PRION:CVE-2007-2955