CVE-2006-5403

Name of the Vulnerable Software and Affected Versions Symantec Automated Support Assistant versions used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006

Description A stack-based buffer overflow issue exists in an ActiveX control used by the Symantec Automated Support Assistant. This could allow user-assisted remote attackers to cause a denial of service, potentially leading to a crash, and may also enable the execution of arbitrary code. The attack vectors for this issue are not specified.

Recommendations For Symantec Automated Support Assistant versions used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, consider disabling the affected ActiveX control as a temporary workaround until a patch is available. Restrict access to the vulnerable ActiveX control to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.