The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-05-11T10:00:00
Updated: 2024-08-07T18:30:33.495Z
Reserved: 2006-07-07T00:00:00
Link: CVE-2006-3456
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-05-11T10:19:00.000
Modified: 2024-11-21T00:13:39.227
Link: CVE-2006-3456
Redhat
No data.