CVE-2007-2955

3 documents3 sources

Severity

6.8MEDIUM

EPSS

11.6%

top 6.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Antivirus Symantec Norton Internet Security Symantec Norton System Works

Timeline

PublishedAug 9

Latest updateMay 1

Description

Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDsymantec/norton_system_works2006

▶NVDsymantec/norton_internet_security2005, 2006+1

▶NVDsymantec/norton_antivirus2006

🔴Vulnerability Details

GHSA

GHSA-36pp-h6qf-9x8p: Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI↗2022-05-01

▶

CVEList

CVE-2007-2955: Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI↗2007-08-09

▶