{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"}, {"name": "VU#441785", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/441785"}, {"name": "ADV-2007-0704", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0704"}, {"name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"}, {"name": "1017688", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017688"}, {"name": "ADV-2007-0703", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0703"}, {"name": "1017691", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017691"}, {"name": "33482", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33482"}, {"name": "24251", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24251"}, {"name": "22564", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22564"}, {"name": "1017689", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017689"}, {"name": "1017690", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1017690"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"}, {"name": "supportsoft-activex-multiple-bo(32636)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"}, {"name": "33481", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33481"}, {"name": "24246", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24246"}, {"name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2006-6490", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"}, {"name": "VU#441785", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/441785"}, {"name": "ADV-2007-0704", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0704"}, {"name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"}, {"name": "1017688", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017688"}, {"name": "ADV-2007-0703", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0703"}, {"name": "1017691", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017691"}, {"name": "33482", "refsource": "OSVDB", "url": "http://osvdb.org/33482"}, {"name": "24251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24251"}, {"name": "22564", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22564"}, {"name": "1017689", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017689"}, {"name": "1017690", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017690"}, {"name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", "refsource": "CONFIRM", "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"}, {"name": "supportsoft-activex-multiple-bo(32636)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"}, {"name": "33481", "refsource": "OSVDB", "url": "http://osvdb.org/33481"}, {"name": "24246", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24246"}, {"name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:26:46.567Z"}, "title": "CVE Program Container", "references": [{"name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"}, {"name": "VU#441785", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/441785"}, {"name": "ADV-2007-0704", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0704"}, {"name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"}, {"name": "1017688", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017688"}, {"name": "ADV-2007-0703", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0703"}, {"name": "1017691", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017691"}, {"name": "33482", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33482"}, {"name": "24251", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24251"}, {"name": "22564", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22564"}, {"name": "1017689", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017689"}, {"name": "1017690", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1017690"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"}, {"name": "supportsoft-activex-multiple-bo(32636)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"}, {"name": "33481", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33481"}, {"name": "24246", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24246"}, {"name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2006-6490", "datePublished": "2007-02-22T21:00:00", "dateReserved": "2006-12-12T00:00:00", "dateUpdated": "2024-08-07T20:26:46.567Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*", "matchCriteriaId": "98D33388-F9B0-4901-AB69-D68BB3856336", "vulnerable": true}, {"criteria": "cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*", "matchCriteriaId": "81D23C4B-6BD4-4355-8F5E-793EBFB6C19A", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*", "matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*", "matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*", "matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}, {"lang": "es", "value": "M\u00faltiples desbordamiento de b\u00fafer en los controles ActiveX de SupportSoft (1) SmartIssue (tgctlsi.dll) y (2) ScriptRunner (tgctlsr.dll), tal y como se usan en Symantec Automated Support Assistant y Norton AntiVirus, Internet Security, y System Works 2006, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje HTML manipulado."}], "id": "CVE-2006-6490", "lastModified": "2018-10-17T21:48:21.300", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-22T21:28:00.000", "references": [{"source": "cret@cert.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"}, {"source": "cret@cert.org", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"}, {"source": "cret@cert.org", "url": "http://osvdb.org/33481"}, {"source": "cret@cert.org", "url": "http://osvdb.org/33482"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/24246"}, {"source": "cret@cert.org", "url": "http://secunia.com/advisories/24251"}, {"source": "cret@cert.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/441785"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/22564"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1017688"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1017689"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1017690"}, {"source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1017691"}, {"source": "cret@cert.org", "tags": ["Patch"], "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2007/0703"}, {"source": "cret@cert.org", "url": "http://www.vupen.com/english/advisories/2007/0704"}, {"source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}