cvelistv5 - cve-2006-5403

cve-2006-5403

Vulnerability from cvelistv5

Published

2006-10-19 01:00

Modified

2024-08-07 19:48

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/22228	Vendor Advisory
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
cve@mitre.org	http://securitytracker.com/id?1016988
cve@mitre.org	http://securitytracker.com/id?1016989
cve@mitre.org	http://securitytracker.com/id?1016990
cve@mitre.org	http://securitytracker.com/id?1016991
cve@mitre.org	http://www.kb.cert.org/vuls/id/400601	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/20348
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3929
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29363
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22228	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016988
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016989
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016990
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016991
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/400601	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20348
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3929
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29363

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:48:30.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1016988",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016988"
          },
          {
            "name": "1016991",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
          },
          {
            "name": "1016989",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016989"
          },
          {
            "name": "ADV-2006-3929",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3929"
          },
          {
            "name": "VU#400601",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/400601"
          },
          {
            "name": "symantec-support-tool-activex-bo(29363)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
          },
          {
            "name": "22228",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22228"
          },
          {
            "name": "1016990",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016990"
          },
          {
            "name": "20348",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1016988",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016988"
        },
        {
          "name": "1016991",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
        },
        {
          "name": "1016989",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016989"
        },
        {
          "name": "ADV-2006-3929",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3929"
        },
        {
          "name": "VU#400601",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/400601"
        },
        {
          "name": "symantec-support-tool-activex-bo(29363)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
        },
        {
          "name": "22228",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22228"
        },
        {
          "name": "1016990",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016990"
        },
        {
          "name": "20348",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20348"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5403",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1016988",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016988"
            },
            {
              "name": "1016991",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016991"
            },
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
              "refsource": "CONFIRM",
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
            },
            {
              "name": "1016989",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016989"
            },
            {
              "name": "ADV-2006-3929",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3929"
            },
            {
              "name": "VU#400601",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/400601"
            },
            {
              "name": "symantec-support-tool-activex-bo(29363)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
            },
            {
              "name": "22228",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22228"
            },
            {
              "name": "1016990",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016990"
            },
            {
              "name": "20348",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20348"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5403",
    "datePublished": "2006-10-19T01:00:00",
    "dateReserved": "2006-10-18T00:00:00",
    "dateUpdated": "2024-08-07T19:48:30.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A58C09D-72A0-48E1-ABF0-49EBECA5D02B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1CC64B1-772C-42A9-9B0A-08CA92DC87E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29F670F0-FD5D-447C-94B8-691482D907F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05EB078C-2538-4961-ABFF-6C4601C3977F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de buffer basado en pila en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos con la complicidad del usuario, causar la denegaci\\u00f3n de servicio (ca\\u00edda) y la posibilidad de ejecutar c\\u00f3digo de su elecci\\u00f3n mediante vectores no definidos.\"}]",
      "id": "CVE-2006-5403",
      "lastModified": "2024-11-21T00:19:05.857",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-10-19T01:07:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/22228\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016988\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016989\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016990\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://securitytracker.com/id?1016991\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/400601\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/20348\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3929\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29363\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22228\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016989\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016990\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://securitytracker.com/id?1016991\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/400601\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/bid/20348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/3929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/29363\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5403\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-10-19T01:07:00.000\",\"lastModified\":\"2024-11-21T00:19:05.857\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de buffer basado en pila en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos con la complicidad del usuario, causar la denegaci\u00f3n de servicio (ca\u00edda) y la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no definidos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A58C09D-72A0-48E1-ABF0-49EBECA5D02B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1CC64B1-772C-42A9-9B0A-08CA92DC87E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F670F0-FD5D-447C-94B8-691482D907F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05EB078C-2538-4961-ABFF-6C4601C3977F\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/22228\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016988\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016989\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016990\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1016991\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/400601\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/20348\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3929\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29363\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22228\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016989\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016990\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/id?1016991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/400601\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/bid/20348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/3929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/29363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-crr9-5rqj-fxgq

Vulnerability from github

Published

2022-05-01 07:27

Modified

2022-05-01 07:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5403"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-10-19T01:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
  "id": "GHSA-crr9-5rqj-fxgq",
  "modified": "2022-05-01T07:27:59Z",
  "published": "2022-05-01T07:27:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5403"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22228"
    },
    {
      "type": "WEB",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016988"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016989"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016990"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016991"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/400601"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20348"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3929"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged-in user. Therefore, the affected control may be present on computers running other consumer products and versions as well. Symantec Corporate and Enterprise products are not affected, because they do not install the affected control.

Want to work within IT-Security?

Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

1) An unspecified input validation error exists, which can be exploited to gain unauthorized access to system information.

Successful exploitation requires spoofing of a trusted domain web site and to trick the user to click on a malicious link.

Automated Support Assistant: Update to the latest version. https://www-secure.symantec.com/techsupp/asa/install.jsp

PROVIDED AND/OR DISCOVERED BY: The vendor credits John Haesman, Next Generation Security Research.

ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200610-0182",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2005"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "automated support assistant",
        "scope": null,
        "trust": 1.4,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "norton antivirus",
        "scope": null,
        "trust": 1.4,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": "automated support assistant",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "norton internet security",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "2005 and  2006"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20060"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20050"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20060"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2005"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2005"
      },
      {
        "model": "automated support assistant",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "db": "BID",
        "id": "20348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "John Haesman",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-5403",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.1,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-5403",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-21511",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-5403",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#400601",
            "trust": 0.8,
            "value": "1.16"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200610-306",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-21511",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. This vulnerability requires a certain amount of user-interaction for an attack to occur, such as visiting a malicious website. A successful exploit would let a remote attacker execute code with the privileges of the currently logged-in user. Therefore, the affected control may be present on computers running other consumer products and versions as well. Symantec Corporate and Enterprise products are not affected, because they do not install the affected control. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\n1) An unspecified input validation error exists, which can be\nexploited to gain unauthorized access to system information. \n\nSuccessful exploitation requires spoofing of a trusted domain web\nsite and to trick the user to click on a malicious link. \n\nAutomated Support Assistant:\nUpdate to the latest version. \nhttps://www-secure.symantec.com/techsupp/asa/install.jsp\n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits John Haesman, Next Generation Security Research. \n\nORIGINAL ADVISORY:\nhttp://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "db": "BID",
        "id": "20348"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "db": "PACKETSTORM",
        "id": "50672"
      }
    ],
    "trust": 2.79
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#400601",
        "trust": 3.6
      },
      {
        "db": "BID",
        "id": "20348",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "22228",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1016988",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1016989",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1016990",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1016991",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5403",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-3929",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "29363",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-21511",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "50672",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "db": "BID",
        "id": "20348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "db": "PACKETSTORM",
        "id": "50672"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "id": "VAR-200610-0182",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21511"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:15:55.693000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM06-019",
        "trust": 0.8,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2006.10.05.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.kb.cert.org/vuls/id/400601"
      },
      {
        "trust": 2.1,
        "url": "http://securityresponse.symantec.com/avcenter/security/content/2006.10.05.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/20348"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016988"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016989"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016990"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1016991"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22228"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/3929"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
      },
      {
        "trust": 0.8,
        "url": "http://www.symantec.com/avcenter/security/content/2006.10.05.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/20348 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016988 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016989 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016990 "
      },
      {
        "trust": 0.8,
        "url": "http://securitytracker.com/id?1016991 "
      },
      {
        "trust": 0.8,
        "url": "http://secunia.com/advisories/22228 "
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5403"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5403"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/3929"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/29363"
      },
      {
        "trust": 0.3,
        "url": "http://www.symantec.com"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4009/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6635/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4848/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12212/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6636/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/22228/"
      },
      {
        "trust": 0.1,
        "url": "https://www-secure.symantec.com/techsupp/asa/install.jsp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/4847/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6634/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "db": "BID",
        "id": "20348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "db": "PACKETSTORM",
        "id": "50672"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "db": "BID",
        "id": "20348"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "db": "PACKETSTORM",
        "id": "50672"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "date": "2006-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "date": "2006-10-05T00:00:00",
        "db": "BID",
        "id": "20348"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "date": "2006-10-08T20:37:03",
        "db": "PACKETSTORM",
        "id": "50672"
      },
      {
        "date": "2006-10-19T01:07:00",
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "date": "2006-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#400601"
      },
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21511"
      },
      {
        "date": "2006-11-13T19:07:00",
        "db": "BID",
        "id": "20348"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003318"
      },
      {
        "date": "2017-07-20T01:33:43.243000",
        "db": "NVD",
        "id": "CVE-2006-5403"
      },
      {
        "date": "2006-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec Automated Support Assistant ActiveX control buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#400601"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-306"
      }
    ],
    "trust": 0.6
  }
}

gsd-2006-5403

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-5403

Aliases

CVE-2006-5403

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5403",
    "description": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
    "id": "GSD-2006-5403"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5403"
      ],
      "details": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.",
      "id": "GSD-2006-5403",
      "modified": "2023-12-13T01:19:56.311835Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5403",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1016988",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016988"
          },
          {
            "name": "1016991",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016991"
          },
          {
            "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
            "refsource": "CONFIRM",
            "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
          },
          {
            "name": "1016989",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016989"
          },
          {
            "name": "ADV-2006-3929",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3929"
          },
          {
            "name": "VU#400601",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/400601"
          },
          {
            "name": "symantec-support-tool-activex-bo(29363)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
          },
          {
            "name": "22228",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22228"
          },
          {
            "name": "1016990",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016990"
          },
          {
            "name": "20348",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20348"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5403"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
            },
            {
              "name": "20348",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/20348"
            },
            {
              "name": "1016988",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016988"
            },
            {
              "name": "1016989",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016989"
            },
            {
              "name": "1016990",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016990"
            },
            {
              "name": "1016991",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016991"
            },
            {
              "name": "22228",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22228"
            },
            {
              "name": "VU#400601",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/400601"
            },
            {
              "name": "ADV-2006-3929",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3929"
            },
            {
              "name": "symantec-support-tool-activex-bo(29363)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-07-20T01:33Z",
      "publishedDate": "2006-10-19T01:07Z"
    }
  }
}

cve-2006-5403

Vulnerability from fkie_nvd

Published

2006-10-19 01:07

Modified

2024-11-21 00:19

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/22228	Vendor Advisory
cve@mitre.org	http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
cve@mitre.org	http://securitytracker.com/id?1016988
cve@mitre.org	http://securitytracker.com/id?1016989
cve@mitre.org	http://securitytracker.com/id?1016990
cve@mitre.org	http://securitytracker.com/id?1016991
cve@mitre.org	http://www.kb.cert.org/vuls/id/400601	US Government Resource
cve@mitre.org	http://www.securityfocus.com/bid/20348
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3929
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/29363
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22228	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016988
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016989
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016990
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016991
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/400601	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20348
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3929
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/29363

Impacted products

Vendor	Product	Version
symantec	automated_support_assistant	*
symantec	norton_antivirus	*
symantec	norton_internet_security	2006
symantec	norton_system_works	2005
symantec	norton_system_works	2006

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de buffer basado en pila en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos con la complicidad del usuario, causar la denegaci\u00f3n de servicio (ca\u00edda) y la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no definidos."
    }
  ],
  "id": "CVE-2006-5403",
  "lastModified": "2024-11-21T00:19:05.857",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-10-19T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22228"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016988"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016989"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016990"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016991"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/400601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20348"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3929"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016989"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016990"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/400601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-5403

Vulnerability from cvelistv5

ghsa-crr9-5rqj-fxgq

Vulnerability from github

var-200610-0182

Vulnerability from variot

gsd-2006-5403

Vulnerability from gsd

cve-2006-5403

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature