CVE-2006-3456

CWE-94 — Code Injection4 documents4 sources

Severity

8.5HIGH

EPSS

8.2%

top 7.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Antivirus Symantec Norton Internet Security Symantec Norton System Works

Timeline

PublishedMay 11

Latest updateMay 1

Description

The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls,…

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages3 packages

▶NVDsymantec/norton_internet_security2005, 2006+1

▶NVDsymantec/norton_antivirus2005, 2006+1

▶NVDsymantec/norton_system_works2005, 2006+1

🔴Vulnerability Details

GHSA

GHSA-2w73-8453-mgjq: The Symantec NAVOPTS↗2022-05-01

▶

CVEList

CVE-2006-3456: The Symantec NAVOPTS↗2007-05-11

▶

💬Community

Bugzilla

clamav < 0.88.5 CHM and PE vulnerabilities↗2006-10-16

▶