Vulnerabilities > CVE-2006-6490 - Remote Buffer Overflow vulnerability in SupportSoft ActiveX Controls
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| Application | 4 |
Saint
| bid | 22564 |
| description | SupportSoft tgctlsi.dll ActiveX control buffer overflow |
| id | misc_av_supportsofttgax |
| osvdb | 33481 |
| title | supportsoft_activex |
| type | client |
References
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
- http://osvdb.org/33481
- http://osvdb.org/33482
- http://secunia.com/advisories/24246
- http://secunia.com/advisories/24251
- http://www.kb.cert.org/vuls/id/441785
- http://www.securityfocus.com/archive/1/461147/100/0/threaded
- http://www.securityfocus.com/bid/22564
- http://www.securitytracker.com/id?1017688
- http://www.securitytracker.com/id?1017689
- http://www.securitytracker.com/id?1017690
- http://www.securitytracker.com/id?1017691
- http://www.symantec.com/avcenter/security/Content/2007.02.22.html
- http://www.vupen.com/english/advisories/2007/0703
- http://www.vupen.com/english/advisories/2007/0704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32636