Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:715CCFA641C08EF8AAA9F88A9EA229B4
HistoryMar 15, 2007 - 12:00 a.m.

SupportSoft tgctlsi.dll ActiveX control buffer overflow

2007-03-1500:00:00
SAINT Corporation
www.saintcorporation.com
14

0.087 Low

EPSS

Percentile

93.9%

JSON

Added: 03/15/2007
CVE: CVE-2006-6490
BID: 22564
OSVDB: 33481

Background

SupportSoft ActiveX controls are used by third-party products to provide remote technical support.

Problem

SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities which can lead to command execution when a user loads a specially crafted web page.

Resolution

Symantec users can use LiveUpdate to patch the system as described in SYM07-002.

In general, the vulnerability can be fixed as described in the SupportSoft Security Update.

References

<http://www.kb.cert.org/vuls/id/441785&gt;
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478&gt;

Limitations

Exploit works on SupportSoft tgctlsi Module Build 6.9.545.0.

There may be a delay before the exploit succeeds due to the amount of memory required.

tgctlsi.dll must be registered in order for the exploit to succeed. This may or may not be registered automatically by the product which contains SupportSoft. The following command registers tgctlsi.dll manually:

>
> regsvr32 <path>/tgctlsi.dll

Platforms

Windows

Related

securityvulns 2
saint 3
checkpoint_advisories 1
cve 1
cert 1
cvelist 1
securityvulns
securityvulns
Supportsoft ActiveX used in Symantec&#39;s products buffer overflow
2007-02-25 00:00:00
[email protected]
2007-02-25 00:00:00
saint
saint
SupportSoft tgctlsi.dll ActiveX control buffer overflow
2007-03-15 00:00:00
SupportSoft tgctlsi.dll ActiveX control buffer overflow
2007-03-15 00:00:00
SupportSoft tgctlsi.dll ActiveX control buffer overflow
2007-03-15 00:00:00
checkpoint_advisories
checkpoint_advisories
Symantec Products SupportSoft ActiveX Control Multiple Buffer Overflows (CVE-2006-6490)
2007-05-01 00:00:00
cve
cve
CVE-2006-6490
2007-02-22 21:28:00
cert
cert
SupportSoft ActiveX controls contain multiple buffer overflows
2007-02-23 00:00:00
cvelist
cvelist
CVE-2006-6490
2007-02-22 21:00:00

0.087 Low

EPSS

Percentile

93.9%

JSON
Related for SAINT:715CCFA641C08EF8AAA9F88A9EA229B4
securityvulns2saint3checkpoint_advisories1cve1cert1cvelist1