ActiveX Control Vulnerability in Norton AntiVirus by Symantec
CVE-2006-3456

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton System Works; Norton Antivirus; Norton Internet Security
Vendor: CVE Published:; 11 May 2007

Summary

The Symantec NAVOPTS.DLL ActiveX control, used in various Norton AntiVirus and Internet Security products, contains a vulnerability that can be exploited by remote attackers. This exploit allows them to crash the control via specific web content, resulting in Internet Explorer entering a non-responsive state. In this state, attackers may execute arbitrary code, impacting security even for other ActiveX controls that are typically deemed safe. This vulnerability emphasizes the critical need for users to apply updates and utilize protective measures while interacting with potentially compromised web environments.

References

http://www.symantec.com/avcenter/security/Content/2007.05...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/1751

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/23822

vdb-entryx_refsource_BID

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 11, 2007
Vulnerability Reserved
Jul 7, 2006