Computer Security
[EN] securityvulns.ru no-pyccku


Symantec Norton Internet Security Code Execution
Published:12.05.2007
Source:
SecurityVulns ID:7701
Type:client
Threat Level:
5/10
Description:Invalid processing of exceptional conditions allows to access ActiveX not makrked as safe for scripting.
Affected:SYMANTEC : Norton Internet Security 2006
 SYMANTEC : Norton AntiVirus 2006
CVE:CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 05.09.07: Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability (12.05.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod