Lucene search

SAINT CorporationSAINT:49E99DF73ED8510B355116D831B2AFC6

HistorySep 20, 2007 - 12:00 a.m.

Symantec Norton NavComUI ActiveX control vulnerability

2007-09-2000:00:00

SAINT Corporation

download.saintcorporation.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.904 High

EPSS

Percentile

98.5%

JSON

Added: 09/20/2007
CVE: CVE-2007-2955
BID: 24983
OSVDB: 36477

Background

The Symantec Norton product suite includes antivirus, firewall, and other security functions.

Problem

Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library within Norton products, allows command execution when handling specially crafted “AnomalyList” and “Anomaly” properties.

Resolution

A fix is available through the LiveUpdate feature within Norton products.

References

<http://secunia.com/secunia_research/2007-53/advisory/>

Limitations

Exploit works on Symantec Norton Internet Security 2006.

Platforms

Windows XP

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.904 High

EPSS

Percentile

98.5%

JSON

Related for SAINT:49E99DF73ED8510B355116D831B2AFC6