CVSS2: 10 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.079 (Low)
EPSS Percentile: 94.1%
Added: 03/15/2007
CVE: CVE-2006-6490
BID: 22564
OSVDB: 33481
SupportSoft ActiveX controls are used by third-party products to provide remote technical support.
SupportSoft ActiveX controls are affected by multiple buffer overflow vulnerabilities, which can lead to command execution when a user loads a specially crafted web page.
Symantec users can use LiveUpdate to patch the system as described in SYM07-002.
In general, the vulnerability can be fixed as described in the SupportSoft Security Update.
<http://www.kb.cert.org/vuls/id/441785>
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478>
The exploit works on SupportSoft tgctlsi Module Build 6.9.545.0.
There may be a delay before the exploit succeeds due to the amount of memory required.
tgctlsi.dll must be registered in order for the exploit to succeed. The product that contains SupportSoft may or may not register it automatically. The following command registers tgctlsi.dll manually:
> regsvr32 <path>/tgctlsi.dll
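Because the control is only reachable when tgctlsi.dll is registered, an inventory of registrations shows which hosts need the vendor update. The following read-only PowerShell check is an added example, not part of the original advisory or any SupportSoft tooling; the registry locations searched and the output field names are this example's assumptions, and only the DLL name and build 6.9.545.0 come from this page.

```powershell
# Added example: list COM registrations whose in-process server is tgctlsi.dll.
# Read-only: nothing in the registry or on disk is modified.
$dllName   = 'tgctlsi.dll'
$pageBuild = '6.9.545.0'   # the build this page names; other builds are not assessed here

# Machine-wide (native and 32-bit view) and per-user COM class registrations.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID',
    'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
)

$findings = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($clsid in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        $key = $clsid.OpenSubKey('InprocServer32')
        if ($null -eq $key) { continue }
        try     { $server = [string]$key.GetValue('') }   # default value = DLL path
        finally { $key.Close() }
        if (-not $server) { continue }

        $path = [Environment]::ExpandEnvironmentVariables($server.Trim('"'))
        if ((Split-Path -Leaf $path) -ne $dllName) { continue }

        # Build the version from numeric parts; the string form varies by vendor.
        # Stays $null if the file is missing or not readable from this process.
        $version = $null
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $vi = (Get-Item -LiteralPath $path).VersionInfo
            $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                            $vi.FileBuildPart, $vi.FilePrivatePart
        }
        [pscustomobject]@{
            RegistryRoot     = $root
            Clsid            = $clsid.PSChildName
            Path             = $path
            FileVersion      = $version
            MatchesPageBuild = ($version -eq $pageBuild)
        }
    }
}

if ($findings) { $findings | Format-List }
else           { Write-Output "No registration of $dllName found." }
```

A host with no registration still needs the update if the DLL is present on disk, since the bundling product may register it later.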
Platform: Windows