Search

Find a vulnerability

Search criteria

    38 vulnerabilities found for norton_system_works by symantec

    CVE-2008-0312 (GCVE-0-2008-0312)

    Vulnerability from nvd – Published: 2008-04-08 17:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019753 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1019751 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1019752 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29660 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1077… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/28507 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    Date Public
    2008-04-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:35.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019753",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019753"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
              },
              {
                "name": "1019751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019751"
              },
              {
                "name": "1019752",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019752"
              },
              {
                "name": "29660",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29660"
              },
              {
                "name": "ADV-2008-1077",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1077/references"
              },
              {
                "name": "28507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28507"
              },
              {
                "name": "symantec-autofixtool-bo(41629)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
              },
              {
                "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019753",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019753"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
            },
            {
              "name": "1019751",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019751"
            },
            {
              "name": "1019752",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019752"
            },
            {
              "name": "29660",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29660"
            },
            {
              "name": "ADV-2008-1077",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1077/references"
            },
            {
              "name": "28507",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28507"
            },
            {
              "name": "symantec-autofixtool-bo(41629)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
            },
            {
              "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019753",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019753"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
                },
                {
                  "name": "1019751",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019751"
                },
                {
                  "name": "1019752",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019752"
                },
                {
                  "name": "29660",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29660"
                },
                {
                  "name": "ADV-2008-1077",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1077/references"
                },
                {
                  "name": "28507",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28507"
                },
                {
                  "name": "symantec-autofixtool-bo(41629)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
                },
                {
                  "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0312",
        "datePublished": "2008-04-08T17:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:35.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3699 (GCVE-0-2007-3699)

    Vulnerability from nvd – Published: 2007-10-05 21:00 – Updated: 2024-08-07 14:28
    VLAI
    Summary
    The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26053 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2508 vdb-entryx_refsource_VUPEN
    http://osvdb.org/36119 vdb-entryx_refsource_OSVDB
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/24282 vdb-entryx_refsource_BID
    Date Public
    2007-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:28:52.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26053"
              },
              {
                "name": "ADV-2007-2508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2508"
              },
              {
                "name": "36119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36119"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
              },
              {
                "name": "24282",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24282"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26053",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26053"
            },
            {
              "name": "ADV-2007-2508",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2508"
            },
            {
              "name": "36119",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36119"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
            },
            {
              "name": "24282",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24282"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3699",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26053",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26053"
                },
                {
                  "name": "ADV-2007-2508",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2508"
                },
                {
                  "name": "36119",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36119"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
                },
                {
                  "name": "24282",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24282"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3699",
        "datePublished": "2007-10-05T21:00:00.000Z",
        "dateReserved": "2007-07-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:28:52.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0447 (GCVE-0-2007-0447)

    Vulnerability from nvd – Published: 2007-10-05 21:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26053 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2508 vdb-entryx_refsource_VUPEN
    http://osvdb.org/36118 vdb-entryx_refsource_OSVDB
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/24282 vdb-entryx_refsource_BID
    Date Public
    2007-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.204Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26053"
              },
              {
                "name": "ADV-2007-2508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2508"
              },
              {
                "name": "36118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36118"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
              },
              {
                "name": "24282",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24282"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26053",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26053"
            },
            {
              "name": "ADV-2007-2508",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2508"
            },
            {
              "name": "36118",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36118"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
            },
            {
              "name": "24282",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24282"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26053",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26053"
                },
                {
                  "name": "ADV-2007-2508",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2508"
                },
                {
                  "name": "36118",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36118"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
                },
                {
                  "name": "24282",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24282"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0447",
        "datePublished": "2007-10-05T21:00:00.000Z",
        "dateReserved": "2007-01-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2955 (GCVE-0-2007-2955)

    Vulnerability from nvd – Published: 2007-08-09 21:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.467Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "symantec-navcomui-code-execution(35944)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
              },
              {
                "name": "1018547",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018547"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2007-53/advisory/"
              },
              {
                "name": "ADV-2007-2822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2822"
              },
              {
                "name": "25215",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25215"
              },
              {
                "name": "1018546",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018546"
              },
              {
                "name": "24983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24983"
              },
              {
                "name": "1018545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "symantec-navcomui-code-execution(35944)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
            },
            {
              "name": "1018547",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018547"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2007-53/advisory/"
            },
            {
              "name": "ADV-2007-2822",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2822"
            },
            {
              "name": "25215",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25215"
            },
            {
              "name": "1018546",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018546"
            },
            {
              "name": "24983",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24983"
            },
            {
              "name": "1018545",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2007-2955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "symantec-navcomui-code-execution(35944)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
                },
                {
                  "name": "1018547",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018547"
                },
                {
                  "name": "http://secunia.com/secunia_research/2007-53/advisory/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2007-53/advisory/"
                },
                {
                  "name": "ADV-2007-2822",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2822"
                },
                {
                  "name": "25215",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25215"
                },
                {
                  "name": "1018546",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018546"
                },
                {
                  "name": "24983",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24983"
                },
                {
                  "name": "1018545",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2007-2955",
        "datePublished": "2007-08-09T21:00:00.000Z",
        "dateReserved": "2007-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3673 (GCVE-0-2007-3673)

    Vulnerability from nvd – Published: 2007-07-15 21:00 – Updated: 2024-08-07 14:28
    VLAI
    Summary
    Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26042 third-party-advisoryx_refsource_SECUNIA
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/22351 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/2507 vdb-entryx_refsource_VUPEN
    http://osvdb.org/36117 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1018372 vdb-entryx_refsource_SECTRACK
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    Date Public
    2007-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:28:51.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26042",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26042"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
              },
              {
                "name": "symantec-multi-symtdi-privilege-escalation(35347)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
              },
              {
                "name": "22351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22351"
              },
              {
                "name": "ADV-2007-2507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2507"
              },
              {
                "name": "36117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36117"
              },
              {
                "name": "1018372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018372"
              },
              {
                "name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26042",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26042"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
            },
            {
              "name": "symantec-multi-symtdi-privilege-escalation(35347)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
            },
            {
              "name": "22351",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22351"
            },
            {
              "name": "ADV-2007-2507",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2507"
            },
            {
              "name": "36117",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36117"
            },
            {
              "name": "1018372",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018372"
            },
            {
              "name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26042",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26042"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
                },
                {
                  "name": "symantec-multi-symtdi-privilege-escalation(35347)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
                },
                {
                  "name": "22351",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22351"
                },
                {
                  "name": "ADV-2007-2507",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2507"
                },
                {
                  "name": "36117",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36117"
                },
                {
                  "name": "1018372",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018372"
                },
                {
                  "name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3673",
        "datePublished": "2007-07-15T21:00:00.000Z",
        "dateReserved": "2007-07-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:28:51.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3456 (GCVE-0-2006-3456)

    Vulnerability from nvd – Published: 2007-05-11 10:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1751 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23822 vdb-entryx_refsource_BID
    http://secunia.com/advisories/25172 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://osvdb.org/35075 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1018031 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-05-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
              },
              {
                "name": "ADV-2007-1751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1751"
              },
              {
                "name": "23822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23822"
              },
              {
                "name": "25172",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25172"
              },
              {
                "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
              },
              {
                "name": "35075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35075"
              },
              {
                "name": "1018031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018031"
              },
              {
                "name": "symantec-navopts-security-bypass(34200)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.  NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
            },
            {
              "name": "ADV-2007-1751",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1751"
            },
            {
              "name": "23822",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23822"
            },
            {
              "name": "25172",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25172"
            },
            {
              "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
            },
            {
              "name": "35075",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35075"
            },
            {
              "name": "1018031",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018031"
            },
            {
              "name": "symantec-navopts-security-bypass(34200)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3456",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.  NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
                },
                {
                  "name": "ADV-2007-1751",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1751"
                },
                {
                  "name": "23822",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23822"
                },
                {
                  "name": "25172",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25172"
                },
                {
                  "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
                },
                {
                  "name": "35075",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35075"
                },
                {
                  "name": "1018031",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018031"
                },
                {
                  "name": "symantec-navopts-security-bypass(34200)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3456",
        "datePublished": "2007-05-11T10:00:00.000Z",
        "dateReserved": "2006-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1793 (GCVE-0-2007-1793)

    Vulnerability from nvd – Published: 2007-04-02 22:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-04-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-1192",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1192"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
              },
              {
                "name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
              },
              {
                "name": "1021386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021386"
              },
              {
                "name": "1017837",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017837"
              },
              {
                "name": "23241",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23241"
              },
              {
                "name": "1021388",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021388"
              },
              {
                "name": "1021389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021389"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
              },
              {
                "name": "symantec-firewall-ssdt-dos(33352)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
              },
              {
                "name": "34692",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34692"
              },
              {
                "name": "1017838",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017838"
              },
              {
                "name": "1021387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021387"
              },
              {
                "name": "24677",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24677"
              },
              {
                "name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.  NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-1192",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1192"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
            },
            {
              "name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
            },
            {
              "name": "1021386",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021386"
            },
            {
              "name": "1017837",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017837"
            },
            {
              "name": "23241",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23241"
            },
            {
              "name": "1021388",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021388"
            },
            {
              "name": "1021389",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021389"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
            },
            {
              "name": "symantec-firewall-ssdt-dos(33352)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
            },
            {
              "name": "34692",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34692"
            },
            {
              "name": "1017838",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017838"
            },
            {
              "name": "1021387",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021387"
            },
            {
              "name": "24677",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24677"
            },
            {
              "name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1793",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.  NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-1192",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1192"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
                },
                {
                  "name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
                },
                {
                  "name": "1021386",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021386"
                },
                {
                  "name": "1017837",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017837"
                },
                {
                  "name": "23241",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23241"
                },
                {
                  "name": "1021388",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021388"
                },
                {
                  "name": "1021389",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021389"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
                },
                {
                  "name": "symantec-firewall-ssdt-dos(33352)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
                },
                {
                  "name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
                },
                {
                  "name": "34692",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34692"
                },
                {
                  "name": "1017838",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017838"
                },
                {
                  "name": "1021387",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021387"
                },
                {
                  "name": "24677",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24677"
                },
                {
                  "name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1793",
        "datePublished": "2007-04-02T22:00:00.000Z",
        "dateReserved": "2007-04-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1476 (GCVE-0-2007-1476)

    Vulnerability from nvd – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
              },
              {
                "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
              },
              {
                "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
              },
              {
                "name": "symantec-firewall-symtdi-dos(33003)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
              },
              {
                "name": "22977",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22977"
              },
              {
                "name": "35088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35088"
              },
              {
                "name": "2438",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2438"
              },
              {
                "name": "1018656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018656"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
            },
            {
              "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
            },
            {
              "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
            },
            {
              "name": "symantec-firewall-symtdi-dos(33003)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
            },
            {
              "name": "22977",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22977"
            },
            {
              "name": "35088",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35088"
            },
            {
              "name": "2438",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2438"
            },
            {
              "name": "1018656",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018656"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1476",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
                },
                {
                  "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
                },
                {
                  "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
                },
                {
                  "name": "symantec-firewall-symtdi-dos(33003)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
                },
                {
                  "name": "22977",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22977"
                },
                {
                  "name": "35088",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35088"
                },
                {
                  "name": "2438",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2438"
                },
                {
                  "name": "1018656",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018656"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1476",
        "datePublished": "2007-03-16T21:00:00.000Z",
        "dateReserved": "2007-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6490 (GCVE-0-2006-6490)

    Vulnerability from nvd – Published: 2007-02-22 21:00 – Updated: 2024-08-07 20:26
    VLAI
    Summary
    Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.kb.cert.org/vuls/id/441785 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2007/0704 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/461147/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1017688 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/0703 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1017691 vdb-entryx_refsource_SECTRACK
    http://osvdb.org/33482 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24251 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22564 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1017689 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1017690 vdb-entryx_refsource_SECTRACK
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/33481 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24246 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    Date Public
    2007-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:26:46.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
              },
              {
                "name": "VU#441785",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/441785"
              },
              {
                "name": "ADV-2007-0704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0704"
              },
              {
                "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
              },
              {
                "name": "1017688",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017688"
              },
              {
                "name": "ADV-2007-0703",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0703"
              },
              {
                "name": "1017691",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017691"
              },
              {
                "name": "33482",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33482"
              },
              {
                "name": "24251",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24251"
              },
              {
                "name": "22564",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22564"
              },
              {
                "name": "1017689",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017689"
              },
              {
                "name": "1017690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017690"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
              },
              {
                "name": "supportsoft-activex-multiple-bo(32636)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
              },
              {
                "name": "33481",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33481"
              },
              {
                "name": "24246",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24246"
              },
              {
                "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
            },
            {
              "name": "VU#441785",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/441785"
            },
            {
              "name": "ADV-2007-0704",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0704"
            },
            {
              "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
            },
            {
              "name": "1017688",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017688"
            },
            {
              "name": "ADV-2007-0703",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0703"
            },
            {
              "name": "1017691",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017691"
            },
            {
              "name": "33482",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33482"
            },
            {
              "name": "24251",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24251"
            },
            {
              "name": "22564",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22564"
            },
            {
              "name": "1017689",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017689"
            },
            {
              "name": "1017690",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017690"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
            },
            {
              "name": "supportsoft-activex-multiple-bo(32636)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
            },
            {
              "name": "33481",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33481"
            },
            {
              "name": "24246",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24246"
            },
            {
              "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2006-6490",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
                },
                {
                  "name": "VU#441785",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/441785"
                },
                {
                  "name": "ADV-2007-0704",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0704"
                },
                {
                  "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
                },
                {
                  "name": "1017688",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017688"
                },
                {
                  "name": "ADV-2007-0703",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0703"
                },
                {
                  "name": "1017691",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017691"
                },
                {
                  "name": "33482",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33482"
                },
                {
                  "name": "24251",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24251"
                },
                {
                  "name": "22564",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22564"
                },
                {
                  "name": "1017689",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017689"
                },
                {
                  "name": "1017690",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017690"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
                },
                {
                  "name": "supportsoft-activex-multiple-bo(32636)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
                },
                {
                  "name": "33481",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33481"
                },
                {
                  "name": "24246",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24246"
                },
                {
                  "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2006-6490",
        "datePublished": "2007-02-22T21:00:00.000Z",
        "dateReserved": "2006-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:26:46.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5404 (GCVE-0-2006-5404)

    Vulnerability from nvd – Published: 2006-10-19 01:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016988 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016991 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1016989 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2006/3929 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/22228 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016990 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/20348 vdb-entryx_refsource_BID
    Date Public
    2006-10-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016988"
              },
              {
                "name": "1016991",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
              },
              {
                "name": "1016989",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016989"
              },
              {
                "name": "ADV-2006-3929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3929"
              },
              {
                "name": "22228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22228"
              },
              {
                "name": "1016990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016990"
              },
              {
                "name": "symantec-support-tool-info-disclosure(29366)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
              },
              {
                "name": "20348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016988"
            },
            {
              "name": "1016991",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
            },
            {
              "name": "1016989",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016989"
            },
            {
              "name": "ADV-2006-3929",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3929"
            },
            {
              "name": "22228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22228"
            },
            {
              "name": "1016990",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016990"
            },
            {
              "name": "symantec-support-tool-info-disclosure(29366)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
            },
            {
              "name": "20348",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20348"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016988",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016988"
                },
                {
                  "name": "1016991",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016991"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
                },
                {
                  "name": "1016989",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016989"
                },
                {
                  "name": "ADV-2006-3929",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3929"
                },
                {
                  "name": "22228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22228"
                },
                {
                  "name": "1016990",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016990"
                },
                {
                  "name": "symantec-support-tool-info-disclosure(29366)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
                },
                {
                  "name": "20348",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20348"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5404",
        "datePublished": "2006-10-19T01:00:00.000Z",
        "dateReserved": "2006-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5403 (GCVE-0-2006-5403)

    Vulnerability from nvd – Published: 2006-10-19 01:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016988 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016991 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1016989 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2006/3929 vdb-entryx_refsource_VUPEN
    http://www.kb.cert.org/vuls/id/400601 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/22228 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016990 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/20348 vdb-entryx_refsource_BID
    Date Public
    2006-10-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016988"
              },
              {
                "name": "1016991",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
              },
              {
                "name": "1016989",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016989"
              },
              {
                "name": "ADV-2006-3929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3929"
              },
              {
                "name": "VU#400601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/400601"
              },
              {
                "name": "symantec-support-tool-activex-bo(29363)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
              },
              {
                "name": "22228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22228"
              },
              {
                "name": "1016990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016990"
              },
              {
                "name": "20348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016988"
            },
            {
              "name": "1016991",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
            },
            {
              "name": "1016989",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016989"
            },
            {
              "name": "ADV-2006-3929",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3929"
            },
            {
              "name": "VU#400601",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/400601"
            },
            {
              "name": "symantec-support-tool-activex-bo(29363)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
            },
            {
              "name": "22228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22228"
            },
            {
              "name": "1016990",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016990"
            },
            {
              "name": "20348",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20348"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5403",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016988",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016988"
                },
                {
                  "name": "1016991",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016991"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
                },
                {
                  "name": "1016989",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016989"
                },
                {
                  "name": "ADV-2006-3929",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3929"
                },
                {
                  "name": "VU#400601",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/400601"
                },
                {
                  "name": "symantec-support-tool-activex-bo(29363)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
                },
                {
                  "name": "22228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22228"
                },
                {
                  "name": "1016990",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016990"
                },
                {
                  "name": "20348",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20348"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5403",
        "datePublished": "2006-10-19T01:00:00.000Z",
        "dateReserved": "2006-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4855 (GCVE-0-2006-4855)

    Vulnerability from nvd – Published: 2006-09-19 18:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016892 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/21938 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016893 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016895 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016889 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/446111/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1016897 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/1591 third-party-advisoryx_refsource_SREASON
    http://securitytracker.com/id?1016896 vdb-entryx_refsource_SECTRACK
    http://www.matousec.com/info/advisories/Norton-In… x_refsource_MISC
    http://www.securityfocus.com/bid/20051 vdb-entryx_refsource_BID
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2006/3636 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1016894 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016898 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016892"
              },
              {
                "name": "21938",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21938"
              },
              {
                "name": "1016893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016893"
              },
              {
                "name": "1016895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016895"
              },
              {
                "name": "1016889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016889"
              },
              {
                "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
              },
              {
                "name": "1016897",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016897"
              },
              {
                "name": "1591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1591"
              },
              {
                "name": "1016896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016896"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
              },
              {
                "name": "20051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
              },
              {
                "name": "ADV-2006-3636",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3636"
              },
              {
                "name": "symantec-firewall-symevent-dos(28960)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
              },
              {
                "name": "1016894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016894"
              },
              {
                "name": "1016898",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016892"
            },
            {
              "name": "21938",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21938"
            },
            {
              "name": "1016893",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016893"
            },
            {
              "name": "1016895",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016895"
            },
            {
              "name": "1016889",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016889"
            },
            {
              "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
            },
            {
              "name": "1016897",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016897"
            },
            {
              "name": "1591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1591"
            },
            {
              "name": "1016896",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016896"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
            },
            {
              "name": "20051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
            },
            {
              "name": "ADV-2006-3636",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3636"
            },
            {
              "name": "symantec-firewall-symevent-dos(28960)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
            },
            {
              "name": "1016894",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016894"
            },
            {
              "name": "1016898",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016892",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016892"
                },
                {
                  "name": "21938",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21938"
                },
                {
                  "name": "1016893",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016893"
                },
                {
                  "name": "1016895",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016895"
                },
                {
                  "name": "1016889",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016889"
                },
                {
                  "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
                },
                {
                  "name": "1016897",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016897"
                },
                {
                  "name": "1591",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1591"
                },
                {
                  "name": "1016896",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016896"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
                },
                {
                  "name": "20051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20051"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
                },
                {
                  "name": "ADV-2006-3636",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3636"
                },
                {
                  "name": "symantec-firewall-symevent-dos(28960)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
                },
                {
                  "name": "1016894",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016894"
                },
                {
                  "name": "1016898",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4855",
        "datePublished": "2006-09-19T18:00:00.000Z",
        "dateReserved": "2006-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1836 (GCVE-0-2006-1836)

    Vulnerability from nvd – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
    VLAI
    Summary
    Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/100 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/17571 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1386 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/431318/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1015953 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://secunia.com/advisories/19682 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:29.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/100"
              },
              {
                "name": "17571",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17571"
              },
              {
                "name": "ADV-2006-1386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1386"
              },
              {
                "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
              },
              {
                "name": "1015953",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015953"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
              },
              {
                "name": "19682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19682"
              },
              {
                "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "17571",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "ADV-2006-1386",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            },
            {
              "name": "1015953",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "19682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/100"
                },
                {
                  "name": "17571",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17571"
                },
                {
                  "name": "ADV-2006-1386",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1386"
                },
                {
                  "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
                },
                {
                  "name": "1015953",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015953"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
                },
                {
                  "name": "19682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19682"
                },
                {
                  "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1836",
        "datePublished": "2006-04-19T16:00:00.000Z",
        "dateReserved": "2006-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:29.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0166 (GCVE-0-2006-0166)

    Vulnerability from nvd – Published: 2006-01-11 21:00 – Updated: 2024-08-07 16:25
    VLAI
    Summary
    Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/0143 vdb-entryx_refsource_VUPEN
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/18402 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1015462 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:25:34.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-0143",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0143"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html"
              },
              {
                "name": "systemworks-nprotect-hidden(24061)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061"
              },
              {
                "name": "18402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18402"
              },
              {
                "name": "1015462",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015462"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-0143",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0143"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html"
            },
            {
              "name": "systemworks-nprotect-hidden(24061)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061"
            },
            {
              "name": "18402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18402"
            },
            {
              "name": "1015462",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015462"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-0143",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0143"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html"
                },
                {
                  "name": "systemworks-nprotect-hidden(24061)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061"
                },
                {
                  "name": "18402",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18402"
                },
                {
                  "name": "1015462",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015462"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0166",
        "datePublished": "2006-01-11T21:00:00.000Z",
        "dateReserved": "2006-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:25:34.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0923 (GCVE-0-2005-0923)

    Vulnerability from nvd – Published: 2005-03-29 05:00 – Updated: 2024-08-07 21:28
    VLAI
    Summary
    The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1013586 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/713620 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1013587 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/12924 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1013585 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/14741 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:28:29.030Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
              },
              {
                "name": "1013586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013586"
              },
              {
                "name": "VU#713620",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/713620"
              },
              {
                "name": "1013587",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013587"
              },
              {
                "name": "12924",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12924"
              },
              {
                "name": "1013585",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013585"
              },
              {
                "name": "14741",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14741"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-04-05T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
            },
            {
              "name": "1013586",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013586"
            },
            {
              "name": "VU#713620",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/713620"
            },
            {
              "name": "1013587",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013587"
            },
            {
              "name": "12924",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12924"
            },
            {
              "name": "1013585",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013585"
            },
            {
              "name": "14741",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14741"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0923",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
                },
                {
                  "name": "1013586",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013586"
                },
                {
                  "name": "VU#713620",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/713620"
                },
                {
                  "name": "1013587",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013587"
                },
                {
                  "name": "12924",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12924"
                },
                {
                  "name": "1013585",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013585"
                },
                {
                  "name": "14741",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/14741"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0923",
        "datePublished": "2005-03-29T05:00:00.000Z",
        "dateReserved": "2005-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:28:29.030Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2005-0922 (GCVE-0-2005-0922)

    Vulnerability from nvd – Published: 2005-03-29 05:00 – Updated: 2024-08-07 21:28
    VLAI
    Summary
    Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/12923 vdb-entryx_refsource_BID
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1013586 vdb-entryx_refsource_SECTRACK
    http://www.kb.cert.org/vuls/id/146020 third-party-advisoryx_refsource_CERT-VN
    http://securitytracker.com/id?1013587 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1013585 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/14741 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2005-03-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T21:28:29.084Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "12923",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/12923"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
              },
              {
                "name": "1013586",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013586"
              },
              {
                "name": "VU#146020",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/146020"
              },
              {
                "name": "1013587",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013587"
              },
              {
                "name": "1013585",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1013585"
              },
              {
                "name": "14741",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/14741"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2005-03-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2005-04-05T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "12923",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/12923"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
            },
            {
              "name": "1013586",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013586"
            },
            {
              "name": "VU#146020",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/146020"
            },
            {
              "name": "1013587",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013587"
            },
            {
              "name": "1013585",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1013585"
            },
            {
              "name": "14741",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/14741"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2005-0922",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "12923",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/12923"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
                },
                {
                  "name": "1013586",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013586"
                },
                {
                  "name": "VU#146020",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/146020"
                },
                {
                  "name": "1013587",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013587"
                },
                {
                  "name": "1013585",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1013585"
                },
                {
                  "name": "14741",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/14741"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2005-0922",
        "datePublished": "2005-03-29T05:00:00.000Z",
        "dateReserved": "2005-03-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T21:28:29.084Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0312 (GCVE-0-2008-0312)

    Vulnerability from cvelistv5 – Published: 2008-04-08 17:00 – Updated: 2024-08-07 07:39
    VLAI
    Summary
    Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id?1019753 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securitytracker.com/id?1019751 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1019752 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/29660 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2008/1077… vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/28507 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    Date Public
    2008-04-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:39:35.061Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1019753",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019753"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
              },
              {
                "name": "1019751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019751"
              },
              {
                "name": "1019752",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1019752"
              },
              {
                "name": "29660",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29660"
              },
              {
                "name": "ADV-2008-1077",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2008/1077/references"
              },
              {
                "name": "28507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/28507"
              },
              {
                "name": "symantec-autofixtool-bo(41629)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
              },
              {
                "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-04-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-07T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1019753",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019753"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
            },
            {
              "name": "1019751",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019751"
            },
            {
              "name": "1019752",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1019752"
            },
            {
              "name": "29660",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29660"
            },
            {
              "name": "ADV-2008-1077",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2008/1077/references"
            },
            {
              "name": "28507",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/28507"
            },
            {
              "name": "symantec-autofixtool-bo(41629)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
            },
            {
              "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0312",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1019753",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019753"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
                },
                {
                  "name": "1019751",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019751"
                },
                {
                  "name": "1019752",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1019752"
                },
                {
                  "name": "29660",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29660"
                },
                {
                  "name": "ADV-2008-1077",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2008/1077/references"
                },
                {
                  "name": "28507",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/28507"
                },
                {
                  "name": "symantec-autofixtool-bo(41629)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
                },
                {
                  "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0312",
        "datePublished": "2008-04-08T17:00:00.000Z",
        "dateReserved": "2008-01-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:39:35.061Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3699 (GCVE-0-2007-3699)

    Vulnerability from cvelistv5 – Published: 2007-10-05 21:00 – Updated: 2024-08-07 14:28
    VLAI
    Summary
    The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26053 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2508 vdb-entryx_refsource_VUPEN
    http://osvdb.org/36119 vdb-entryx_refsource_OSVDB
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/24282 vdb-entryx_refsource_BID
    Date Public
    2007-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:28:52.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26053"
              },
              {
                "name": "ADV-2007-2508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2508"
              },
              {
                "name": "36119",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36119"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
              },
              {
                "name": "24282",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24282"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26053",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26053"
            },
            {
              "name": "ADV-2007-2508",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2508"
            },
            {
              "name": "36119",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36119"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
            },
            {
              "name": "24282",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24282"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3699",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26053",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26053"
                },
                {
                  "name": "ADV-2007-2508",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2508"
                },
                {
                  "name": "36119",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36119"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
                },
                {
                  "name": "24282",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24282"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3699",
        "datePublished": "2007-10-05T21:00:00.000Z",
        "dateReserved": "2007-07-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:28:52.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-0447 (GCVE-0-2007-0447)

    Vulnerability from cvelistv5 – Published: 2007-10-05 21:00 – Updated: 2024-08-07 12:19
    VLAI
    Summary
    Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26053 third-party-advisoryx_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2007/2508 vdb-entryx_refsource_VUPEN
    http://osvdb.org/36118 vdb-entryx_refsource_OSVDB
    http://www.zerodayinitiative.com/advisories/ZDI-0… x_refsource_MISC
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/24282 vdb-entryx_refsource_BID
    Date Public
    2007-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:19:30.204Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26053",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26053"
              },
              {
                "name": "ADV-2007-2508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2508"
              },
              {
                "name": "36118",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36118"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
              },
              {
                "name": "24282",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24282"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-02-26T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26053",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26053"
            },
            {
              "name": "ADV-2007-2508",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2508"
            },
            {
              "name": "36118",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36118"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
            },
            {
              "name": "24282",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24282"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-0447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26053",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26053"
                },
                {
                  "name": "ADV-2007-2508",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2508"
                },
                {
                  "name": "36118",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36118"
                },
                {
                  "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html",
                  "refsource": "MISC",
                  "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
                },
                {
                  "name": "24282",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24282"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-0447",
        "datePublished": "2007-10-05T21:00:00.000Z",
        "dateReserved": "2007-01-23T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:19:30.204Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-2955 (GCVE-0-2007-2955)

    Vulnerability from cvelistv5 – Published: 2007-08-09 21:00 – Updated: 2024-08-07 13:57
    VLAI
    Summary
    Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-08-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:57:54.467Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "symantec-navcomui-code-execution(35944)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
              },
              {
                "name": "1018547",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018547"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://secunia.com/secunia_research/2007-53/advisory/"
              },
              {
                "name": "ADV-2007-2822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2822"
              },
              {
                "name": "25215",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25215"
              },
              {
                "name": "1018546",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018546"
              },
              {
                "name": "24983",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/24983"
              },
              {
                "name": "1018545",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018545"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-08-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
            "shortName": "flexera"
          },
          "references": [
            {
              "name": "symantec-navcomui-code-execution(35944)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
            },
            {
              "name": "1018547",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018547"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://secunia.com/secunia_research/2007-53/advisory/"
            },
            {
              "name": "ADV-2007-2822",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2822"
            },
            {
              "name": "25215",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25215"
            },
            {
              "name": "1018546",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018546"
            },
            {
              "name": "24983",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/24983"
            },
            {
              "name": "1018545",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018545"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
              "ID": "CVE-2007-2955",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "symantec-navcomui-code-execution(35944)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
                },
                {
                  "name": "1018547",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018547"
                },
                {
                  "name": "http://secunia.com/secunia_research/2007-53/advisory/",
                  "refsource": "MISC",
                  "url": "http://secunia.com/secunia_research/2007-53/advisory/"
                },
                {
                  "name": "ADV-2007-2822",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2822"
                },
                {
                  "name": "25215",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25215"
                },
                {
                  "name": "1018546",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018546"
                },
                {
                  "name": "24983",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/24983"
                },
                {
                  "name": "1018545",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018545"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "assignerShortName": "flexera",
        "cveId": "CVE-2007-2955",
        "datePublished": "2007-08-09T21:00:00.000Z",
        "dateReserved": "2007-05-31T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:57:54.467Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-3673 (GCVE-0-2007-3673)

    Vulnerability from cvelistv5 – Published: 2007-07-15 21:00 – Updated: 2024-08-07 14:28
    VLAI
    Summary
    Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/26042 third-party-advisoryx_refsource_SECUNIA
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/22351 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2007/2507 vdb-entryx_refsource_VUPEN
    http://osvdb.org/36117 vdb-entryx_refsource_OSVDB
    http://securitytracker.com/id?1018372 vdb-entryx_refsource_SECTRACK
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    Date Public
    2007-07-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T14:28:51.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26042",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/26042"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
              },
              {
                "name": "symantec-multi-symtdi-privilege-escalation(35347)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
              },
              {
                "name": "22351",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22351"
              },
              {
                "name": "ADV-2007-2507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/2507"
              },
              {
                "name": "36117",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/36117"
              },
              {
                "name": "1018372",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018372"
              },
              {
                "name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-07-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26042",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/26042"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
            },
            {
              "name": "symantec-multi-symtdi-privilege-escalation(35347)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
            },
            {
              "name": "22351",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22351"
            },
            {
              "name": "ADV-2007-2507",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/2507"
            },
            {
              "name": "36117",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/36117"
            },
            {
              "name": "1018372",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018372"
            },
            {
              "name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-3673",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26042",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/26042"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
                },
                {
                  "name": "symantec-multi-symtdi-privilege-escalation(35347)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
                },
                {
                  "name": "22351",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22351"
                },
                {
                  "name": "ADV-2007-2507",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/2507"
                },
                {
                  "name": "36117",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/36117"
                },
                {
                  "name": "1018372",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018372"
                },
                {
                  "name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-3673",
        "datePublished": "2007-07-15T21:00:00.000Z",
        "dateReserved": "2007-07-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T14:28:51.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3456 (GCVE-0-2006-3456)

    Vulnerability from cvelistv5 – Published: 2007-05-11 10:00 – Updated: 2024-08-07 18:30
    VLAI
    Summary
    The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2007/1751 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/bid/23822 vdb-entryx_refsource_BID
    http://secunia.com/advisories/25172 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    http://osvdb.org/35075 vdb-entryx_refsource_OSVDB
    http://www.securitytracker.com/id?1018031 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2007-05-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:30:33.495Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
              },
              {
                "name": "ADV-2007-1751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1751"
              },
              {
                "name": "23822",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23822"
              },
              {
                "name": "25172",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/25172"
              },
              {
                "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
              },
              {
                "name": "35075",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35075"
              },
              {
                "name": "1018031",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1018031"
              },
              {
                "name": "symantec-navopts-security-bypass(34200)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-05-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.  NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
            },
            {
              "name": "ADV-2007-1751",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1751"
            },
            {
              "name": "23822",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23822"
            },
            {
              "name": "25172",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/25172"
            },
            {
              "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
            },
            {
              "name": "35075",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35075"
            },
            {
              "name": "1018031",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1018031"
            },
            {
              "name": "symantec-navopts-security-bypass(34200)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3456",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.  NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
                },
                {
                  "name": "ADV-2007-1751",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1751"
                },
                {
                  "name": "23822",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23822"
                },
                {
                  "name": "25172",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/25172"
                },
                {
                  "name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
                },
                {
                  "name": "35075",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35075"
                },
                {
                  "name": "1018031",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1018031"
                },
                {
                  "name": "symantec-navopts-security-bypass(34200)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3456",
        "datePublished": "2007-05-11T10:00:00.000Z",
        "dateReserved": "2006-07-07T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:30:33.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1793 (GCVE-0-2007-1793)

    Vulnerability from cvelistv5 – Published: 2007-04-02 22:00 – Updated: 2024-08-07 13:06
    VLAI
    Summary
    SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-04-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:06:26.391Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2007-1192",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/1192"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
              },
              {
                "name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
              },
              {
                "name": "1021386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021386"
              },
              {
                "name": "1017837",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017837"
              },
              {
                "name": "23241",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23241"
              },
              {
                "name": "1021388",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021388"
              },
              {
                "name": "1021389",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021389"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
              },
              {
                "name": "symantec-firewall-ssdt-dos(33352)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
              },
              {
                "name": "34692",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/34692"
              },
              {
                "name": "1017838",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017838"
              },
              {
                "name": "1021387",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1021387"
              },
              {
                "name": "24677",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24677"
              },
              {
                "name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.  NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2007-1192",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/1192"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
            },
            {
              "name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
            },
            {
              "name": "1021386",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021386"
            },
            {
              "name": "1017837",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017837"
            },
            {
              "name": "23241",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/23241"
            },
            {
              "name": "1021388",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021388"
            },
            {
              "name": "1021389",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021389"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
            },
            {
              "name": "symantec-firewall-ssdt-dos(33352)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
            },
            {
              "name": "34692",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/34692"
            },
            {
              "name": "1017838",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017838"
            },
            {
              "name": "1021387",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1021387"
            },
            {
              "name": "24677",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24677"
            },
            {
              "name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1793",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions.  NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2007-1192",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/1192"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
                },
                {
                  "name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
                },
                {
                  "name": "1021386",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021386"
                },
                {
                  "name": "1017837",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017837"
                },
                {
                  "name": "23241",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/23241"
                },
                {
                  "name": "1021388",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021388"
                },
                {
                  "name": "1021389",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021389"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
                },
                {
                  "name": "symantec-firewall-ssdt-dos(33352)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
                },
                {
                  "name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
                },
                {
                  "name": "34692",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/34692"
                },
                {
                  "name": "1017838",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017838"
                },
                {
                  "name": "1021387",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1021387"
                },
                {
                  "name": "24677",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24677"
                },
                {
                  "name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1793",
        "datePublished": "2007-04-02T22:00:00.000Z",
        "dateReserved": "2007-04-02T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:06:26.391Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1476 (GCVE-0-2007-1476)

    Vulnerability from cvelistv5 – Published: 2007-03-16 21:00 – Updated: 2024-08-07 12:59
    VLAI
    Summary
    The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2007-03-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T12:59:08.338Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
              },
              {
                "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
              },
              {
                "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
              },
              {
                "name": "symantec-firewall-symtdi-dos(33003)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
              },
              {
                "name": "22977",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22977"
              },
              {
                "name": "35088",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/35088"
              },
              {
                "name": "2438",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2438"
              },
              {
                "name": "1018656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1018656"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-03-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
            },
            {
              "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
            },
            {
              "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
            },
            {
              "name": "symantec-firewall-symtdi-dos(33003)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
            },
            {
              "name": "22977",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22977"
            },
            {
              "name": "35088",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/35088"
            },
            {
              "name": "2438",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/2438"
            },
            {
              "name": "1018656",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1018656"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-1476",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
                },
                {
                  "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
                },
                {
                  "name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
                  "refsource": "FULLDISC",
                  "url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
                },
                {
                  "name": "symantec-firewall-symtdi-dos(33003)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
                },
                {
                  "name": "22977",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22977"
                },
                {
                  "name": "35088",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/35088"
                },
                {
                  "name": "2438",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/2438"
                },
                {
                  "name": "1018656",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1018656"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1476",
        "datePublished": "2007-03-16T21:00:00.000Z",
        "dateReserved": "2007-03-16T00:00:00.000Z",
        "dateUpdated": "2024-08-07T12:59:08.338Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6490 (GCVE-0-2006-6490)

    Vulnerability from cvelistv5 – Published: 2007-02-22 21:00 – Updated: 2024-08-07 20:26
    VLAI
    Summary
    Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    http://www.kb.cert.org/vuls/id/441785 third-party-advisoryx_refsource_CERT-VN
    http://www.vupen.com/english/advisories/2007/0704 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/461147/100… mailing-listx_refsource_BUGTRAQ
    http://www.securitytracker.com/id?1017688 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2007/0703 vdb-entryx_refsource_VUPEN
    http://www.securitytracker.com/id?1017691 vdb-entryx_refsource_SECTRACK
    http://osvdb.org/33482 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24251 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/22564 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id?1017689 vdb-entryx_refsource_SECTRACK
    http://www.securitytracker.com/id?1017690 vdb-entryx_refsource_SECTRACK
    http://www.symantec.com/avcenter/security/Content… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://osvdb.org/33481 vdb-entryx_refsource_OSVDB
    http://secunia.com/advisories/24246 third-party-advisoryx_refsource_SECUNIA
    http://labs.idefense.com/intelligence/vulnerabili… third-party-advisoryx_refsource_IDEFENSE
    Date Public
    2007-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:26:46.567Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
              },
              {
                "name": "VU#441785",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/441785"
              },
              {
                "name": "ADV-2007-0704",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0704"
              },
              {
                "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
              },
              {
                "name": "1017688",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017688"
              },
              {
                "name": "ADV-2007-0703",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0703"
              },
              {
                "name": "1017691",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017691"
              },
              {
                "name": "33482",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33482"
              },
              {
                "name": "24251",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24251"
              },
              {
                "name": "22564",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/22564"
              },
              {
                "name": "1017689",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017689"
              },
              {
                "name": "1017690",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id?1017690"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
              },
              {
                "name": "supportsoft-activex-multiple-bo(32636)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
              },
              {
                "name": "33481",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/33481"
              },
              {
                "name": "24246",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/24246"
              },
              {
                "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_IDEFENSE",
                  "x_transferred"
                ],
                "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
            },
            {
              "name": "VU#441785",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/441785"
            },
            {
              "name": "ADV-2007-0704",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0704"
            },
            {
              "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
            },
            {
              "name": "1017688",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017688"
            },
            {
              "name": "ADV-2007-0703",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0703"
            },
            {
              "name": "1017691",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017691"
            },
            {
              "name": "33482",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33482"
            },
            {
              "name": "24251",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24251"
            },
            {
              "name": "22564",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/22564"
            },
            {
              "name": "1017689",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017689"
            },
            {
              "name": "1017690",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id?1017690"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
            },
            {
              "name": "supportsoft-activex-multiple-bo(32636)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
            },
            {
              "name": "33481",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/33481"
            },
            {
              "name": "24246",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/24246"
            },
            {
              "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
              "tags": [
                "third-party-advisory",
                "x_refsource_IDEFENSE"
              ],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2006-6490",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
                },
                {
                  "name": "VU#441785",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/441785"
                },
                {
                  "name": "ADV-2007-0704",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0704"
                },
                {
                  "name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
                },
                {
                  "name": "1017688",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017688"
                },
                {
                  "name": "ADV-2007-0703",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0703"
                },
                {
                  "name": "1017691",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017691"
                },
                {
                  "name": "33482",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33482"
                },
                {
                  "name": "24251",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24251"
                },
                {
                  "name": "22564",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/22564"
                },
                {
                  "name": "1017689",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017689"
                },
                {
                  "name": "1017690",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id?1017690"
                },
                {
                  "name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
                },
                {
                  "name": "supportsoft-activex-multiple-bo(32636)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
                },
                {
                  "name": "33481",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/33481"
                },
                {
                  "name": "24246",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/24246"
                },
                {
                  "name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
                  "refsource": "IDEFENSE",
                  "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2006-6490",
        "datePublished": "2007-02-22T21:00:00.000Z",
        "dateReserved": "2006-12-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:26:46.567Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5404 (GCVE-0-2006-5404)

    Vulnerability from cvelistv5 – Published: 2006-10-19 01:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016988 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016991 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1016989 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2006/3929 vdb-entryx_refsource_VUPEN
    http://secunia.com/advisories/22228 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016990 vdb-entryx_refsource_SECTRACK
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/20348 vdb-entryx_refsource_BID
    Date Public
    2006-10-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016988"
              },
              {
                "name": "1016991",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
              },
              {
                "name": "1016989",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016989"
              },
              {
                "name": "ADV-2006-3929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3929"
              },
              {
                "name": "22228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22228"
              },
              {
                "name": "1016990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016990"
              },
              {
                "name": "symantec-support-tool-info-disclosure(29366)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
              },
              {
                "name": "20348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016988"
            },
            {
              "name": "1016991",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
            },
            {
              "name": "1016989",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016989"
            },
            {
              "name": "ADV-2006-3929",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3929"
            },
            {
              "name": "22228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22228"
            },
            {
              "name": "1016990",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016990"
            },
            {
              "name": "symantec-support-tool-info-disclosure(29366)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
            },
            {
              "name": "20348",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20348"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5404",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016988",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016988"
                },
                {
                  "name": "1016991",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016991"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
                },
                {
                  "name": "1016989",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016989"
                },
                {
                  "name": "ADV-2006-3929",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3929"
                },
                {
                  "name": "22228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22228"
                },
                {
                  "name": "1016990",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016990"
                },
                {
                  "name": "symantec-support-tool-info-disclosure(29366)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
                },
                {
                  "name": "20348",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20348"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5404",
        "datePublished": "2006-10-19T01:00:00.000Z",
        "dateReserved": "2006-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5403 (GCVE-0-2006-5403)

    Vulnerability from cvelistv5 – Published: 2006-10-19 01:00 – Updated: 2024-08-07 19:48
    VLAI
    Summary
    Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016988 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016991 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://securitytracker.com/id?1016989 vdb-entryx_refsource_SECTRACK
    http://www.vupen.com/english/advisories/2006/3929 vdb-entryx_refsource_VUPEN
    http://www.kb.cert.org/vuls/id/400601 third-party-advisoryx_refsource_CERT-VN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/22228 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016990 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/bid/20348 vdb-entryx_refsource_BID
    Date Public
    2006-10-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:48:30.152Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016988",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016988"
              },
              {
                "name": "1016991",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
              },
              {
                "name": "1016989",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016989"
              },
              {
                "name": "ADV-2006-3929",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3929"
              },
              {
                "name": "VU#400601",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/400601"
              },
              {
                "name": "symantec-support-tool-activex-bo(29363)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
              },
              {
                "name": "22228",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/22228"
              },
              {
                "name": "1016990",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016990"
              },
              {
                "name": "20348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20348"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-10-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016988",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016988"
            },
            {
              "name": "1016991",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
            },
            {
              "name": "1016989",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016989"
            },
            {
              "name": "ADV-2006-3929",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3929"
            },
            {
              "name": "VU#400601",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/400601"
            },
            {
              "name": "symantec-support-tool-activex-bo(29363)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
            },
            {
              "name": "22228",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/22228"
            },
            {
              "name": "1016990",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016990"
            },
            {
              "name": "20348",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20348"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5403",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016988",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016988"
                },
                {
                  "name": "1016991",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016991"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
                },
                {
                  "name": "1016989",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016989"
                },
                {
                  "name": "ADV-2006-3929",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3929"
                },
                {
                  "name": "VU#400601",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/400601"
                },
                {
                  "name": "symantec-support-tool-activex-bo(29363)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
                },
                {
                  "name": "22228",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/22228"
                },
                {
                  "name": "1016990",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016990"
                },
                {
                  "name": "20348",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20348"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5403",
        "datePublished": "2006-10-19T01:00:00.000Z",
        "dateReserved": "2006-10-18T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:48:30.152Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4855 (GCVE-0-2006-4855)

    Vulnerability from cvelistv5 – Published: 2006-09-19 18:00 – Updated: 2024-08-07 19:23
    VLAI
    Summary
    The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1016892 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/21938 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1016893 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016895 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016889 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/446111/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1016897 vdb-entryx_refsource_SECTRACK
    http://securityreason.com/securityalert/1591 third-party-advisoryx_refsource_SREASON
    http://securitytracker.com/id?1016896 vdb-entryx_refsource_SECTRACK
    http://www.matousec.com/info/advisories/Norton-In… x_refsource_MISC
    http://www.securityfocus.com/bid/20051 vdb-entryx_refsource_BID
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2006/3636 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://securitytracker.com/id?1016894 vdb-entryx_refsource_SECTRACK
    http://securitytracker.com/id?1016898 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-09-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1016892",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016892"
              },
              {
                "name": "21938",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21938"
              },
              {
                "name": "1016893",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016893"
              },
              {
                "name": "1016895",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016895"
              },
              {
                "name": "1016889",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016889"
              },
              {
                "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
              },
              {
                "name": "1016897",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016897"
              },
              {
                "name": "1591",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1591"
              },
              {
                "name": "1016896",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016896"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
              },
              {
                "name": "20051",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/20051"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
              },
              {
                "name": "ADV-2006-3636",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3636"
              },
              {
                "name": "symantec-firewall-symevent-dos(28960)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
              },
              {
                "name": "1016894",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016894"
              },
              {
                "name": "1016898",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016898"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1016892",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016892"
            },
            {
              "name": "21938",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21938"
            },
            {
              "name": "1016893",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016893"
            },
            {
              "name": "1016895",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016895"
            },
            {
              "name": "1016889",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016889"
            },
            {
              "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
            },
            {
              "name": "1016897",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016897"
            },
            {
              "name": "1591",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1591"
            },
            {
              "name": "1016896",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016896"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
            },
            {
              "name": "20051",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/20051"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
            },
            {
              "name": "ADV-2006-3636",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3636"
            },
            {
              "name": "symantec-firewall-symevent-dos(28960)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
            },
            {
              "name": "1016894",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016894"
            },
            {
              "name": "1016898",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016898"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4855",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1016892",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016892"
                },
                {
                  "name": "21938",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21938"
                },
                {
                  "name": "1016893",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016893"
                },
                {
                  "name": "1016895",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016895"
                },
                {
                  "name": "1016889",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016889"
                },
                {
                  "name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
                },
                {
                  "name": "1016897",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016897"
                },
                {
                  "name": "1591",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1591"
                },
                {
                  "name": "1016896",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016896"
                },
                {
                  "name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
                  "refsource": "MISC",
                  "url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
                },
                {
                  "name": "20051",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/20051"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
                },
                {
                  "name": "ADV-2006-3636",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3636"
                },
                {
                  "name": "symantec-firewall-symevent-dos(28960)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
                },
                {
                  "name": "1016894",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016894"
                },
                {
                  "name": "1016898",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016898"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4855",
        "datePublished": "2006-09-19T18:00:00.000Z",
        "dateReserved": "2006-09-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-1836 (GCVE-0-2006-1836)

    Vulnerability from cvelistv5 – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
    VLAI
    Summary
    Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securityreason.com/securityalert/100 third-party-advisoryx_refsource_SREASON
    http://www.securityfocus.com/bid/17571 vdb-entryx_refsource_BID
    http://www.vupen.com/english/advisories/2006/1386 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/431318/100… mailing-listx_refsource_BUGTRAQ
    http://securitytracker.com/id?1015953 vdb-entryx_refsource_SECTRACK
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    http://secunia.com/advisories/19682 third-party-advisoryx_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-04-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T17:27:29.470Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "100",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/100"
              },
              {
                "name": "17571",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/17571"
              },
              {
                "name": "ADV-2006-1386",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/1386"
              },
              {
                "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
              },
              {
                "name": "1015953",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015953"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
              },
              {
                "name": "19682",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/19682"
              },
              {
                "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-04-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "100",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/100"
            },
            {
              "name": "17571",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/17571"
            },
            {
              "name": "ADV-2006-1386",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1386"
            },
            {
              "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
            },
            {
              "name": "1015953",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015953"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
            },
            {
              "name": "19682",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/19682"
            },
            {
              "name": "liveupdate-exepath-env-privilege-escalation(25839)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-1836",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "100",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/100"
                },
                {
                  "name": "17571",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/17571"
                },
                {
                  "name": "ADV-2006-1386",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/1386"
                },
                {
                  "name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
                },
                {
                  "name": "1015953",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015953"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
                },
                {
                  "name": "19682",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/19682"
                },
                {
                  "name": "liveupdate-exepath-env-privilege-escalation(25839)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-1836",
        "datePublished": "2006-04-19T16:00:00.000Z",
        "dateReserved": "2006-04-19T00:00:00.000Z",
        "dateUpdated": "2024-08-07T17:27:29.470Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0166 (GCVE-0-2006-0166)

    Vulnerability from cvelistv5 – Published: 2006-01-11 21:00 – Updated: 2024-08-07 16:25
    VLAI
    Summary
    Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.vupen.com/english/advisories/2006/0143 vdb-entryx_refsource_VUPEN
    http://securityresponse.symantec.com/avcenter/sec… x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/18402 third-party-advisoryx_refsource_SECUNIA
    http://securitytracker.com/id?1015462 vdb-entryx_refsource_SECTRACK
    Date Public
    2006-01-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:25:34.101Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ADV-2006-0143",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/0143"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html"
              },
              {
                "name": "systemworks-nprotect-hidden(24061)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061"
              },
              {
                "name": "18402",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/18402"
              },
              {
                "name": "1015462",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1015462"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "ADV-2006-0143",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/0143"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html"
            },
            {
              "name": "systemworks-nprotect-hidden(24061)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061"
            },
            {
              "name": "18402",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/18402"
            },
            {
              "name": "1015462",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1015462"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0166",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "ADV-2006-0143",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/0143"
                },
                {
                  "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html",
                  "refsource": "CONFIRM",
                  "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html"
                },
                {
                  "name": "systemworks-nprotect-hidden(24061)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24061"
                },
                {
                  "name": "18402",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/18402"
                },
                {
                  "name": "1015462",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1015462"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0166",
        "datePublished": "2006-01-11T21:00:00.000Z",
        "dateReserved": "2006-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:25:34.101Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }