Symantec Norton System Works — known CVE vulnerabilities
Every CVE whose affected-product data names Symantec Norton System Works, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2006-6490 — CVSS 10.0 (critical): Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by…
CVE-2008-0312 — CVSS 9.3 (critical): Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products…
CVE-2007-3699 — CVSS 9.3 (critical): The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain…
CVE-2007-0447 — CVSS 9.3 (critical): Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via…
CVE-2006-3456 — CVSS 8.5 (high): The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet…
CVE-2005-0249 — CVSS 7.5 (high): Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX…
CVE-2006-0166 — CVSS 7.5 (high): Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin…
CVE-2003-0994 — CVSS 7.2 (high): The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001…
CVE-2007-3673 — CVSS 6.9 (medium): Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through…
CVE-2007-2955 — CVSS 6.8 (medium): Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton…
CVE-2006-1836 — CVSS 6.8 (medium): Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the…
CVE-2006-5403 — CVSS 5.1 (medium): Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet…
CVE-2005-0922 — CVSS 5.0 (medium): Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005…
CVE-2006-4855 — CVSS 4.9 (medium): The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet…
CVE-2007-1793 — CVSS 4.9 (medium): SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to…
CVE-2005-1346 — CVSS 2.6 (low): Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP…
CVE-2006-5404 — CVSS 2.6 (low): Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet…
CVE-2005-0923 — CVSS 2.1 (low): The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005…
CVE-2007-1476 — CVSS 1.9 (low): The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006…