CVE-2006-6490

{"id": "CVE-2006-6490", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-22T21:28:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html", "source": "cret@cert.org"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478", "source": "cret@cert.org"}, {"url": "http://osvdb.org/33481", "source": "cret@cert.org"}, {"url": "http://osvdb.org/33482", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/24246", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/24251", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/441785", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/22564", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1017688", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1017689", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1017690", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1017691", "source": "cret@cert.org"}, {"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html", "tags": ["Patch"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0703", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0704", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."}, {"lang": "es", "value": "M\u00faltiples desbordamiento de b\u00fafer en los controles ActiveX de SupportSoft (1) SmartIssue (tgctlsi.dll) y (2) ScriptRunner (tgctlsr.dll), tal y como se usan en Symantec Automated Support Assistant y Norton AntiVirus, Internet Security, y System Works 2006, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje HTML manipulado."}], "lastModified": "2018-10-17T21:48:21.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98D33388-F9B0-4901-AB69-D68BB3856336"}, {"criteria": "cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81D23C4B-6BD4-4355-8F5E-793EBFB6C19A"}, {"criteria": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39"}, {"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4"}, {"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}