Think you have a false positive on this rule?

Sid 1-11268

Message

BROWSER-PLUGINS Symantec Norton AntiVirus ActiveX clsid access

Summary

The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.

Impact

CVSS base score 8.5 CVSS impact score 10.0 CVSS exploitability score 6.8 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2006-3456:

CVSS base score 8.5

CVSS impact score 10.0

CVSS exploitability score 6.8

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2006-3456: The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.

Affected systems

  • symantec norton_antivirus 2005
  • symantec norton_antivirus 2006
  • symantec nortoninternetsecurity 2005
  • symantec nortoninternetsecurity 2006
  • symantec nortonsystemworks 2005
  • symantec nortonsystemworks 2006

Ease of attack

CVE-2006-3456:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • labs.idefense.com/intelligence/vulnerabilities/display.php?id=529
  • www.symantec.com/avcenter/security/Content/2007.05.09.html