CVE-1999-1380 - Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scrip

CVE-1999-1380

Summary

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.

References

http://mlarchive.ima.com/win95/1997/May/0342.html
http://news.zdnet.co.uk/story/0,,s2065518,00.html
http://www.iss.net/security_center/static/7188.php
http://www.net-security.sk/bugs/NT/nu20.html

Vulnerable Configurations

cpe:2.3:a:symantec:norton_utilities:2.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_utilities:2.0:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 05-09-2008 - 20:19)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

misc	http://mlarchive.ima.com/win95/1997/May/0342.html http://news.zdnet.co.uk/story/0,,s2065518,00.html http://www.net-security.sk/bugs/NT/nu20.html
xf	nu-tuneocx-activex-control(7188)

Last major update

05-09-2008 - 20:19

Published

04-05-1997 - 04:00

Last modified

05-09-2008 - 20:19