Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Scriptrunner | Supportsoft | * | * |
| Smartissue | Supportsoft | * | * |
| Automated_support_assistant | Symantec | * | * |
| Norton_antivirus | Symantec | 2006 (including) | 2006 (including) |
| Norton_internet_security | Symantec | 2006 (including) | 2006 (including) |
| Norton_system_works | Symantec | 2006 (including) | 2006 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
- http://osvdb.org/33481
- http://osvdb.org/33482
- http://secunia.com/advisories/24246
- http://secunia.com/advisories/24251
- http://www.kb.cert.org/vuls/id/441785
- http://www.securityfocus.com/archive/1/461147/100/0/threaded
- http://www.securityfocus.com/bid/22564
- http://www.securitytracker.com/id?1017688
- http://www.securitytracker.com/id?1017689
- http://www.securitytracker.com/id?1017690
- http://www.securitytracker.com/id?1017691
- http://www.symantec.com/avcenter/security/Content/2007.02.22.html
- http://www.vupen.com/english/advisories/2007/0703
- http://www.vupen.com/english/advisories/2007/0704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32636
- http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
- http://osvdb.org/33481
- http://osvdb.org/33482
- http://secunia.com/advisories/24246
- http://secunia.com/advisories/24251
- http://www.kb.cert.org/vuls/id/441785
- http://www.securityfocus.com/archive/1/461147/100/0/threaded
- http://www.securityfocus.com/bid/22564
- http://www.securitytracker.com/id?1017688
- http://www.securitytracker.com/id?1017689
- http://www.securitytracker.com/id?1017690
- http://www.securitytracker.com/id?1017691
- http://www.symantec.com/avcenter/security/Content/2007.02.22.html
- http://www.vupen.com/english/advisories/2007/0703
- http://www.vupen.com/english/advisories/2007/0704
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32636