CVE-2006-6490: Buffer Overflow
First published: Thu Feb 22 2007(Updated: )
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SupportSoft ScriptRunner | ||
| SupportSoft SmartIssue | ||
| Symantec Automated Support Assistant | ||
| Symantec Norton Antivirus with Backup | =2006 | |
| Symantec Norton Internet Security | =2006 | |
| Symantec Norton System Works | =2006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
- http://www.symantec.com/avcenter/security/Content/2007.02.22.html
- http://www.kb.cert.org/vuls/id/441785
- http://www.securityfocus.com/bid/22564
- http://www.securitytracker.com/id?1017688
- http://www.securitytracker.com/id?1017689
- http://www.securitytracker.com/id?1017690
- http://www.securitytracker.com/id?1017691
- http://secunia.com/advisories/24246
- http://secunia.com/advisories/24251
- http://osvdb.org/33481
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
- http://osvdb.org/33482
- http://www.vupen.com/english/advisories/2007/0703
- http://www.vupen.com/english/advisories/2007/0704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32636
- http://www.securityfocus.com/archive/1/461147/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-6490?
CVE-2006-6490 has a high severity due to its potential to allow remote attackers to execute arbitrary code.
How do I fix CVE-2006-6490?
To fix CVE-2006-6490, ensure that you update your Symantec software to the latest version that addresses this vulnerability.
What products are affected by CVE-2006-6490?
CVE-2006-6490 affects SupportSoft SmartIssue, ScriptRunner ActiveX controls, and several Symantec products including Norton AntiVirus 2006.
Can CVE-2006-6490 be exploited remotely?
Yes, CVE-2006-6490 can be exploited remotely by attackers through specially crafted inputs.
Is CVE-2006-6490 a zero-day vulnerability?
CVE-2006-6490 is not a zero-day vulnerability since it was disclosed publicly and patches were made available after its discovery.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/remedy
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/supportsoft
- canonical/supportsoft scriptrunner
- canonical/supportsoft smartissue
- vendor/symantec
- canonical/symantec norton system works
- version/symantec norton system works/2006
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/2006
- canonical/symantec norton internet security
- version/symantec norton internet security/2006
- canonical/symantec automated support assistant