CVE-2007-2955

Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.

Published: Aug 9, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2955
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / norton_system_works	2006	2006.x
symantec / norton_internet_security	2005	2005.x
symantec / norton_antivirus	2006	2006.x
symantec / norton_internet_security	2006	2006.x

http://secunia.com/advisories/25215
http://secunia.com/secunia_research/2007-53/advisory/
http://www.securityfocus.com/bid/24983
http://www.securitytracker.com/id?1018545
http://www.securitytracker.com/id?1018546
http://www.securitytracker.com/id?1018547
http://www.symantec.com/avcenter/security/Content/2007.08.09.html
http://www.vupen.com/english/advisories/2007/2822
https://exchange.xforce.ibmcloud.com/vulnerabilities/35944

Vulnerability Database

289,697

CVE-2007-2955