The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-11T10:00:00

Updated: 2024-08-07T18:30:33.495Z

Reserved: 2006-07-07T00:00:00

Link: CVE-2006-3456

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-05-11T10:19:00.000

Modified: 2024-11-21T00:13:39.227

Link: CVE-2006-3456

cve-icon Redhat

No data.