CVE-2007-2955 - Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavCom

CVE-2007-2955

Summary

Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.

References

Vulnerable Configurations

cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:2005:*:anti_spyware:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:2005:*:anti_spyware:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	24983
confirm	http://www.symantec.com/avcenter/security/Content/2007.08.09.html
misc	http://secunia.com/secunia_research/2007-53/advisory/
sectrack	1018545 1018546 1018547
secunia	25215
vupen	ADV-2007-2822
xf	symantec-navcomui-code-execution(35944)

saint via4

bid	24983
description	Symantec Norton NavComUI ActiveX control vulnerability
id	misc_av_symantec_navcomuiax
osvdb	36477
title	symantec_navcomui
type	client

Last major update

29-07-2017 - 01:31

Published

09-08-2007 - 21:17

Last modified

29-07-2017 - 01:31