Stack Overflow in 3rd Party ActiveX Controls affects Multiple Vendor Products
30 Apr. 2007
Summary
Vulnerabilities were identified in third-party trouble-shooting ActiveX controls, developed by SupportSoft. Two of these controls were signed, shipped and installed with the identified versions of Symantec s consumer products and as part of the Symantec Automated Support Assistant support tool. The vulnerability identified in the Symantec shipped controls could potentially result in a stack overflow requiring user interaction to exploit. If successfully exploited this vulnerability could potentially compromise a user s system possibly allowing execution of arbitrary code or unauthorized access to system
assets with the permissions of the user s browser.
Symantec was initially alerted by Next Generation Security Software (NGSS), to stack overflow and unauthorized access vulnerabilities identified in two SupportSoft ActiveX controls, SmartIssue tgctlsi.dll and ScriptRunner tgctlsr.dll, that Symantec signed and shipped with some of Symantec s 2006 consumer products and used by the Symantec Automated Support Assistant support tool Symantec provides onits consumer support site.
These SupportSoft ActiveX components did not properly validate external input. This failure could potentially lead to unauthorized access to system resources or the possible execution of malicious code with the privileges of the user s browser, resulting in a potential compromise of the user s system.
Any attempt to exploit these issues would require interactive user involvement. An attacker would need to be able to effectively entice a user to visit a malicious web site where their malicious code was hosted or to click on a malicious URL in any attempt to compromise the user s system. While these SupportSoft-developed components should also have been effectively site-locked, which would have further reduced the severity, this capability was found to be improperly implemented in the vulnerable versions.
Symantec Response:
Symantec worked closely with SupportSoft to ensure updates were quickly made available for the identified controls. SupportSoft has posted a Security Bulletin, http://www.supportsoft.com/support/controls_update.asp, for the controls Symantec uses and controls used in other products on their support site, www.supportsoft.com.
