CVE-2006-5403: Buffer Overflow
First published: Thu Oct 19 2006(Updated: )
Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Automated Support Assistant | ||
| Symantec Norton Antivirus with Backup | ||
| Symantec Norton Internet Security | =2006 | |
| Symantec Norton System Works | =2005 | |
| Symantec Norton System Works | =2006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
- http://www.securityfocus.com/bid/20348
- http://securitytracker.com/id?1016988
- http://securitytracker.com/id?1016989
- http://securitytracker.com/id?1016990
- http://securitytracker.com/id?1016991
- http://secunia.com/advisories/22228
- http://www.kb.cert.org/vuls/id/400601
- http://www.vupen.com/english/advisories/2006/3929
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29363
Frequently Asked Questions
What is the severity of CVE-2006-5403?
CVE-2006-5403 has been categorized with a high severity due to its potential to allow arbitrary code execution and denial of service.
How do I fix CVE-2006-5403?
To mitigate CVE-2006-5403, users should update to the latest versions of affected Symantec products that include the security patches.
What software is affected by CVE-2006-5403?
CVE-2006-5403 affects Symantec Automated Support Assistant, Norton AntiVirus, Norton Internet Security 2006, and Norton System Works 2005 and 2006.
What type of vulnerability is CVE-2006-5403?
CVE-2006-5403 is a stack-based buffer overflow vulnerability that can be exploited by user-assisted remote attackers.
Can CVE-2006-5403 lead to a denial of service?
Yes, CVE-2006-5403 can cause a denial of service by crashing the affected application.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- product/norton system works
- product/norton antivirus
- product/norton internet security
- product/automated support assistant
- canonical/symantec automated support assistant
- canonical/symantec norton antivirus with backup
- canonical/symantec norton internet security
- version/symantec norton internet security/2006
- canonical/symantec norton system works
- version/symantec norton system works/2005
- version/symantec norton system works/2006