CVE-2006-6490

Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.

Published: Feb 22, 2007
Updated: Apr 13, 2023
CVE: CVE-2006-6490
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
supportsoft / scriptrunner	-	-
supportsoft / smartissue	-	-
symantec / norton_system_works	2006	2006.x
symantec / norton_antivirus	2006	2006.x
symantec / norton_internet_security	2006	2006.x
symantec / automated_support_assistant	-	-

http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
http://osvdb.org/33481
http://osvdb.org/33482
http://secunia.com/advisories/24246
http://secunia.com/advisories/24251
http://www.kb.cert.org/vuls/id/441785
http://www.securityfocus.com/archive/1/461147/100/0/threaded
http://www.securityfocus.com/bid/22564
http://www.securitytracker.com/id?1017688
http://www.securitytracker.com/id?1017689
http://www.securitytracker.com/id?1017690
http://www.securitytracker.com/id?1017691
http://www.symantec.com/avcenter/security/Content/2007.02.22.html
http://www.vupen.com/english/advisories/2007/0703
http://www.vupen.com/english/advisories/2007/0704
https://exchange.xforce.ibmcloud.com/vulnerabilities/32636

Vulnerability Database

289,697

CVE-2006-6490