Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2006-3456
HistoryMay 11, 2007 - 10:19 a.m.

CVE-2006-3456

2007-05-1110:19:00
CWE-94
mitre
web.nvd.nist.gov
25
symantec
navopts.dll
activex control
vulnerability
remote attackers
arbitrary code
web content

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON

The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to “crash the control” via unspecified vectors related to content on a web site, and place Internet Explorer into a “defunct state” in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.

Affected configurations

Nvd
Node
symantecnorton_antivirusMatch2005
OR
symantecnorton_antivirusMatch2006
OR
symantecnorton_internet_securityMatch2005
OR
symantecnorton_internet_securityMatch2006
OR
symantecnorton_system_worksMatch2005
OR
symantecnorton_system_worksMatch2006
VendorProductVersionCPE
symantecnorton_antivirus2005cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
symantecnorton_antivirus2006cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
symantecnorton_internet_security2005cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
symantecnorton_internet_security2006cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
symantecnorton_system_works2005cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*
symantecnorton_system_works2006cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*

Related

cvelist 2
nvd 2
prion 1
cve 1
securityvulns 2
symantec 1
cvelist
cvelist
CVE-2007-3771
2007-07-15 22:00:00
CVE-2006-3456
2007-05-11 10:00:00
nvd
nvd
CVE-2006-3456
2007-05-11 10:19:00
CVE-2007-3771
2007-07-15 22:30:00
prion
prion
Stack overflow
2007-07-15 22:30:00
cve
cve
CVE-2007-3771
2007-07-15 22:30:00
securityvulns
securityvulns
Symantec Norton Internet Security Code Execution
2007-05-12 00:00:00
iDefense Security Advisory 05.09.07: Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability
2007-05-12 00:00:00
symantec
symantec
Symantec Client Security Internet E-mail Auto-Protect Stack Overflow
2007-07-11 08:00:00

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON
Related for CVE-2006-3456
cvelist2nvd2prion1cve1securityvulns2symantec1