Input Validation Errors in Norton Products by Symantec
CVE-2007-2955

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton System Works; Norton Internet Security; Norton Antivirus
Vendor: CVE Published:; 9 August 2007

What is CVE-2007-2955?

Multiple unspecified input validation vulnerabilities exist in ActiveX controls included in the NavComUI.dll file, used in various Norton AntiVirus, Internet Security, and System Works products from 2006. These weaknesses may allow remote attackers to execute arbitrary code through specially crafted inputs targeting the AnomalyList and Anomaly properties of the AxSysListView32 and AxSysListView32OAA components.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/35944

vdb-entryx_refsource_XF

http://www.symantec.com/avcenter/security/Content/2007.08...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1018547

vdb-entryx_refsource_SECTRACK

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 9, 2007
Vulnerability Reserved
May 31, 2007