漏洞标题
N/A
漏洞描述信息
Norton NAVOPTS.DLL ActiveX控件(也称为Symantec.Norton.AntiVirus.NAVOptions)12.2.0.13,在2005和2006年版本的 Norton Antivirus、Internet Security 和 System Works 中使用时,仅用于嵌入应用程序的网页浏览器,允许远程攻击者通过与网页内容的特定向量“崩溃控制”,并将 Internet Explorer 置于“关闭状态”,使得远程攻击者除了其他 Symantec ActiveX 控件之外,还可以执行任意代码。注意:这个 CVE 无意中用于电子邮件自动保护问题,但该问题已被分配 CVE-2007-3771。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Norton Antivirus NAVOpts.dll ActiveX控件绕过安全限制漏洞
漏洞描述信息
Symantec Norton AntiVirus是一款功能强大的反病毒程序。 Norton AntiVirus所带的ActiveX控件实现上存在漏洞,远程攻击者可能利用此漏洞绕过浏览器的安全限制。 Norton会安装以下ActiveX控件: Progid:Symantec.Norton.AntiVirus.NAVOptions Clsid:085ABFE2-D753-445C-8A2A-D4BD46CE0811 文件:C:\Program Files\Norton Internet Security\N
CVSS信息
N/A
漏洞类别
代码注入