CVE-2006-6490

3 documents3 sources

Severity

10.0CRITICAL

EPSS

33.5%

top 3.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Antivirus Symantec Norton Internet Security Symantec Norton System Works

Timeline

PublishedFeb 22

Latest updateMay 1

Description

Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsymantec/norton_system_works2006

▶NVDsymantec/norton_internet_security2006

▶NVDsymantec/norton_antivirus2006

Patches

Patch: www.symantec.com ↗Patch: www.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-qjhg-7vx8-5438: Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi↗2022-05-01

▶

CVEList

CVE-2006-6490: Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi↗2007-02-22

▶