Vulnerability Details : CVE-2006-6490
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
Vulnerability category: Execute code
Products affected by CVE-2006-6490
- cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*
- cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*
- cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-6490
40.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-6490
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2006-6490
-
http://www.securitytracker.com/id?1017690
-
http://www.securitytracker.com/id?1017689
-
http://www.securitytracker.com/id?1017688
-
http://www.symantec.com/avcenter/security/Content/2007.02.22.html
Patch
-
http://www.securityfocus.com/archive/1/461147/100/0/threaded
-
http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html
-
http://www.securityfocus.com/bid/22564
-
http://www.securitytracker.com/id?1017691
-
http://www.vupen.com/english/advisories/2007/0704
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/32636
-
http://www.vupen.com/english/advisories/2007/0703
-
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478
-
http://www.kb.cert.org/vuls/id/441785
US Government Resource
Jump to