CVE-2007-2955 | Vulnerability Database | Aqua Security

Multiple unspecified input validation error vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.

Affected Software

Name	Vendor	Start Version	End Version
Norton_antivirus	Symantec	2006 (including)	2006 (including)
Norton_internet_security	Symantec	2005 (including)	2005 (including)
Norton_internet_security	Symantec	2006 (including)	2006 (including)
Norton_system_works	Symantec	2006 (including)	2006 (including)

References

http://secunia.com/advisories/25215
http://secunia.com/secunia_research/2007-53/advisory/
http://www.securityfocus.com/bid/24983
http://www.securitytracker.com/id?1018545
http://www.securitytracker.com/id?1018546
http://www.securitytracker.com/id?1018547
http://www.symantec.com/avcenter/security/Content/2007.08.09.html
http://www.vupen.com/english/advisories/2007/2822
https://exchange.xforce.ibmcloud.com/vulnerabilities/35944

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-2955
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html