CVE-2007-2955
Symantec Norton NavComUI.dll ActiveX - Input Validation Code Execution
Title source: manualDescription
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35944
Third Party Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2007.08.09.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018547
Vendor Advisory x_refsource_misc
http://secunia.com/secunia_research/2007-53/advisory/
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2822
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25215
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018546
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24983
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018545
Scores
EPSS
0.1386
EPSS Percentile
94.4%
Details
Status
published
Products (4)
symantec/norton_antivirus
2006
symantec/norton_internet_security
2005
symantec/norton_internet_security
2006
symantec/norton_system_works
2006
Published
Aug 09, 2007
Tracked Since
Feb 18, 2026