6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.904 High
EPSS
Percentile
98.7%
Added: 09/20/2007
CVE: CVE-2007-2955
BID: 24983
OSVDB: 36477
The Symantec Norton product suite includes antivirus, firewall, and other security functions.
Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library within Norton products, allows command execution when handling specially crafted “AnomalyList” and “Anomaly” properties.
A fix is available through the LiveUpdate feature within Norton products.
<http://secunia.com/secunia_research/2007-53/advisory/>
Exploit works on Symantec Norton Internet Security 2006.
Windows XP