All the vulnerabilites related to symantec - norton_internet_security
cve-2002-0663
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/4366 | vdb-entry, x_refsource_OSVDB | |
| http://www.atstake.com/research/advisories/2002/a071502-1.txt | vendor-advisory, x_refsource_ATSTAKE | |
| http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/5237 | vdb-entry, x_refsource_BID | |
| http://www.iss.net/security_center/static/9579.php | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4366"
},
{
"name": "A071502-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html"
},
{
"name": "5237",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5237"
},
{
"name": "norton-fw-http-bo(9579)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9579.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-21T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4366",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4366"
},
{
"name": "A071502-1",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html"
},
{
"name": "5237",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5237"
},
{
"name": "norton-fw-http-bo(9579)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9579.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4366",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4366"
},
{
"name": "A071502-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html"
},
{
"name": "5237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5237"
},
{
"name": "norton-fw-http-bo(9579)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9579.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0663",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-07-02T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0313
Vulnerability from cvelistv5
Published
2008-04-08 17:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1019753 | vdb-entry, x_refsource_SECTRACK | |
| http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1019751 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1019752 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/29660 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/1077/references | vdb-entry, x_refsource_VUPEN | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678 | third-party-advisory, x_refsource_IDEFENSE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41631 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/28509 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"name": "1019751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019751"
},
{
"name": "1019752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019752"
},
{
"name": "29660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29660"
},
{
"name": "ADV-2008-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"name": "20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678"
},
{
"name": "symantec-autofixtool-code-execution(41631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41631"
},
{
"name": "28509",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28509"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"name": "1019751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019751"
},
{
"name": "1019752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019752"
},
{
"name": "29660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29660"
},
{
"name": "ADV-2008-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"name": "20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678"
},
{
"name": "symantec-autofixtool-code-execution(41631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41631"
},
{
"name": "28509",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28509"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019753"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"name": "1019751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019751"
},
{
"name": "1019752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019752"
},
{
"name": "29660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29660"
},
{
"name": "ADV-2008-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"name": "20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678"
},
{
"name": "symantec-autofixtool-code-execution(41631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41631"
},
{
"name": "28509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28509"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0313",
"datePublished": "2008-04-08T17:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6490
Vulnerability from cvelistv5
Published
2007-02-22 21:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
},
{
"name": "VU#441785",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/441785"
},
{
"name": "ADV-2007-0704",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0704"
},
{
"name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
},
{
"name": "1017688",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017688"
},
{
"name": "ADV-2007-0703",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0703"
},
{
"name": "1017691",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017691"
},
{
"name": "33482",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33482"
},
{
"name": "24251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24251"
},
{
"name": "22564",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22564"
},
{
"name": "1017689",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017689"
},
{
"name": "1017690",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017690"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
},
{
"name": "supportsoft-activex-multiple-bo(32636)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
},
{
"name": "33481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33481"
},
{
"name": "24246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24246"
},
{
"name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
},
{
"name": "VU#441785",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/441785"
},
{
"name": "ADV-2007-0704",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0704"
},
{
"name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
},
{
"name": "1017688",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017688"
},
{
"name": "ADV-2007-0703",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0703"
},
{
"name": "1017691",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017691"
},
{
"name": "33482",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33482"
},
{
"name": "24251",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24251"
},
{
"name": "22564",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22564"
},
{
"name": "1017689",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017689"
},
{
"name": "1017690",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017690"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
},
{
"name": "supportsoft-activex-multiple-bo(32636)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
},
{
"name": "33481",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33481"
},
{
"name": "24246",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24246"
},
{
"name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-6490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070223 Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
},
{
"name": "VU#441785",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/441785"
},
{
"name": "ADV-2007-0704",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0704"
},
{
"name": "20070223 Re: Stack Overflow in Third-Party ActiveX Controls affects Multiple Vendor Products Including Some Symantec Consumer Products and Automated Support",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
},
{
"name": "1017688",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017688"
},
{
"name": "ADV-2007-0703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0703"
},
{
"name": "1017691",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017691"
},
{
"name": "33482",
"refsource": "OSVDB",
"url": "http://osvdb.org/33482"
},
{
"name": "24251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24251"
},
{
"name": "22564",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22564"
},
{
"name": "1017689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017689"
},
{
"name": "1017690",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017690"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
},
{
"name": "supportsoft-activex-multiple-bo(32636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
},
{
"name": "33481",
"refsource": "OSVDB",
"url": "http://osvdb.org/33481"
},
{
"name": "24246",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24246"
},
{
"name": "20070222 Multiple Vendor SupportSoft SmartIssue ActiveX Control Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2006-6490",
"datePublished": "2007-02-22T21:00:00",
"dateReserved": "2006-12-12T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4855
Vulnerability from cvelistv5
Published
2006-09-19 18:00
Modified
2024-08-07 19:23
Severity ?
EPSS score ?
Summary
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016892"
},
{
"name": "21938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21938"
},
{
"name": "1016893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016893"
},
{
"name": "1016895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016895"
},
{
"name": "1016889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016889"
},
{
"name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
},
{
"name": "1016897",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016897"
},
{
"name": "1591",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1591"
},
{
"name": "1016896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016896"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
},
{
"name": "20051",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
},
{
"name": "ADV-2006-3636",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3636"
},
{
"name": "symantec-firewall-symevent-dos(28960)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
},
{
"name": "1016894",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016894"
},
{
"name": "1016898",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016898"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016892",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016892"
},
{
"name": "21938",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21938"
},
{
"name": "1016893",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016893"
},
{
"name": "1016895",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016895"
},
{
"name": "1016889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016889"
},
{
"name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
},
{
"name": "1016897",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016897"
},
{
"name": "1591",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1591"
},
{
"name": "1016896",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016896"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
},
{
"name": "20051",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
},
{
"name": "ADV-2006-3636",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3636"
},
{
"name": "symantec-firewall-symevent-dos(28960)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
},
{
"name": "1016894",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016894"
},
{
"name": "1016898",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016892",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016892"
},
{
"name": "21938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21938"
},
{
"name": "1016893",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016893"
},
{
"name": "1016895",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016895"
},
{
"name": "1016889",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016889"
},
{
"name": "20060915 Symantec Norton Insufficient validation of \u0027SymEvent\u0027 driver input buffer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
},
{
"name": "1016897",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016897"
},
{
"name": "1591",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1591"
},
{
"name": "1016896",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016896"
},
{
"name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php",
"refsource": "MISC",
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
},
{
"name": "20051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20051"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
},
{
"name": "ADV-2006-3636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3636"
},
{
"name": "symantec-firewall-symevent-dos(28960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
},
{
"name": "1016894",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016894"
},
{
"name": "1016898",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4855",
"datePublished": "2006-09-19T18:00:00",
"dateReserved": "2006-09-19T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2209
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.exploit-db.com/exploits/40037/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91436 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40037/"
},
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "40037",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40037/"
},
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40037",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40037/"
},
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2209",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-02-02T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-3104
Vulnerability from cvelistv5
Published
2009-09-08 22:00
Modified
2024-08-07 06:14
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090826_01 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/36493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2009/2449 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/57429 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/34670 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/52820 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:14:56.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_01"
},
{
"name": "36493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36493"
},
{
"name": "ADV-2009-2449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2449"
},
{
"name": "57429",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/57429"
},
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34670"
},
{
"name": "symantec-email-scan-dos(52820)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52820"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_01"
},
{
"name": "36493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36493"
},
{
"name": "ADV-2009-2449",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2449"
},
{
"name": "57429",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/57429"
},
{
"name": "34670",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34670"
},
{
"name": "symantec-email-scan-dos(52820)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52820"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_01"
},
{
"name": "36493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36493"
},
{
"name": "ADV-2009-2449",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2449"
},
{
"name": "57429",
"refsource": "OSVDB",
"url": "http://osvdb.org/57429"
},
{
"name": "34670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34670"
},
{
"name": "symantec-email-scan-dos(52820)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52820"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3104",
"datePublished": "2009-09-08T22:00:00",
"dateReserved": "2009-09-08T00:00:00",
"dateUpdated": "2024-08-07T06:14:56.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0364
Vulnerability from cvelistv5
Published
2004-03-23 05:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/9915 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=107980262324362&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.nextgenss.com/advisories/nisrce.txt | x_refsource_MISC | |
| http://secunia.com/advisories/11168 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=107970885922442&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/549054 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15538 | vdb-entry, x_refsource_XF | |
| http://www.sarc.com/avcenter/security/Content/2004.03.19.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9915"
},
{
"name": "20040319 Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107980262324362\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/nisrce.txt"
},
{
"name": "11168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11168"
},
{
"name": "20040319 Norton Internet Security Remote Command Execution (#NISR19042004b)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107970885922442\u0026w=2"
},
{
"name": "VU#549054",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/549054"
},
{
"name": "norton-is-launchurl-command-execution(15538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15538"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sarc.com/avcenter/security/Content/2004.03.19.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9915"
},
{
"name": "20040319 Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107980262324362\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/nisrce.txt"
},
{
"name": "11168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11168"
},
{
"name": "20040319 Norton Internet Security Remote Command Execution (#NISR19042004b)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107970885922442\u0026w=2"
},
{
"name": "VU#549054",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/549054"
},
{
"name": "norton-is-launchurl-command-execution(15538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15538"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sarc.com/avcenter/security/Content/2004.03.19.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9915"
},
{
"name": "20040319 Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107980262324362\u0026w=2"
},
{
"name": "http://www.nextgenss.com/advisories/nisrce.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/nisrce.txt"
},
{
"name": "11168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11168"
},
{
"name": "20040319 Norton Internet Security Remote Command Execution (#NISR19042004b)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107970885922442\u0026w=2"
},
{
"name": "VU#549054",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/549054"
},
{
"name": "norton-is-launchurl-command-execution(15538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15538"
},
{
"name": "http://www.sarc.com/avcenter/security/Content/2004.03.19.html",
"refsource": "CONFIRM",
"url": "http://www.sarc.com/avcenter/security/Content/2004.03.19.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0364",
"datePublished": "2004-03-23T05:00:00",
"dateReserved": "2004-03-19T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-3456
Vulnerability from cvelistv5
Published
2007-05-11 10:00
Modified
2024-08-07 18:30
Severity ?
EPSS score ?
Summary
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/avcenter/security/Content/2007.05.09.html | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2007/1751 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/23822 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/25172 | third-party-advisory, x_refsource_SECUNIA | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529 | third-party-advisory, x_refsource_IDEFENSE | |
| http://osvdb.org/35075 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1018031 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34200 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
},
{
"name": "ADV-2007-1751",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1751"
},
{
"name": "23822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23822"
},
{
"name": "25172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25172"
},
{
"name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
},
{
"name": "35075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35075"
},
{
"name": "1018031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018031"
},
{
"name": "symantec-navopts-security-bypass(34200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
},
{
"name": "ADV-2007-1751",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1751"
},
{
"name": "23822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23822"
},
{
"name": "25172",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25172"
},
{
"name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
},
{
"name": "35075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35075"
},
{
"name": "1018031",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018031"
},
{
"name": "symantec-navopts-security-bypass(34200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
},
{
"name": "ADV-2007-1751",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1751"
},
{
"name": "23822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23822"
},
{
"name": "25172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25172"
},
{
"name": "20070509 Symantec Norton Internet Security 2006 COM Object Security ByPass Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
},
{
"name": "35075",
"refsource": "OSVDB",
"url": "http://osvdb.org/35075"
},
{
"name": "1018031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018031"
},
{
"name": "symantec-navopts-security-bypass(34200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3456",
"datePublished": "2007-05-11T10:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3646
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/91435 | vdb-entry, x_refsource_BID | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/40036/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "91435",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40036",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40036/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "91435",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40036",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40036/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-3646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "91435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91435"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40036",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40036/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-3646",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-03-23T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1476
Vulnerability from cvelistv5
Published
2007-03-16 21:00
Modified
2024-08-07 12:59
Severity ?
EPSS score ?
Summary
The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.symantec.com/avcenter/security/Content/2007.09.05.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/462926/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=full-disclosure&m=117396596027148&w=2 | mailing-list, x_refsource_FULLDISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33003 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/22977 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/35088 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/2438 | third-party-advisory, x_refsource_SREASON | |
| http://securitytracker.com/id?1018656 | vdb-entry, x_refsource_SECTRACK | |
| http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
},
{
"name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
},
{
"name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
},
{
"name": "symantec-firewall-symtdi-dos(33003)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
},
{
"name": "22977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22977"
},
{
"name": "35088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35088"
},
{
"name": "2438",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2438"
},
{
"name": "1018656",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018656"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
},
{
"name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
},
{
"name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
},
{
"name": "symantec-firewall-symtdi-dos(33003)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
},
{
"name": "22977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22977"
},
{
"name": "35088",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35088"
},
{
"name": "2438",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2438"
},
{
"name": "1018656",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018656"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
},
{
"name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver input buffer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
},
{
"name": "20070315 Norton Insufficient validation of \u0027SymTDI\u0027 driver",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
},
{
"name": "symantec-firewall-symtdi-dos(33003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
},
{
"name": "22977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22977"
},
{
"name": "35088",
"refsource": "OSVDB",
"url": "http://osvdb.org/35088"
},
{
"name": "2438",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2438"
},
{
"name": "1018656",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018656"
},
{
"name": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php",
"refsource": "MISC",
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1476",
"datePublished": "2007-03-16T21:00:00",
"dateReserved": "2007-03-16T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-1149
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 02:19
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/342548 | mailing-list, x_refsource_BUGTRAQ | |
| http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html | x_refsource_CONFIRM | |
| http://www.osvdb.org/2714 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/10067 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/8904 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/13528 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20031027 Norton Internet Security 2003 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/342548"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html"
},
{
"name": "2714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/2714"
},
{
"name": "10067",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10067"
},
{
"name": "8904",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8904"
},
{
"name": "norton-is-blocked-xss(13528)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20031027 Norton Internet Security 2003 XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/342548"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html"
},
{
"name": "2714",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/2714"
},
{
"name": "10067",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10067"
},
{
"name": "8904",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8904"
},
{
"name": "norton-is-blocked-xss(13528)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031027 Norton Internet Security 2003 XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/342548"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html"
},
{
"name": "2714",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2714"
},
{
"name": "10067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10067"
},
{
"name": "8904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8904"
},
{
"name": "norton-is-blocked-xss(13528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1149",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3644
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91431 | vdb-entry, x_refsource_BID | |
| https://www.exploit-db.com/exploits/40034/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91431",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91431"
},
{
"name": "40034",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40034/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91431",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91431"
},
{
"name": "40034",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40034/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-3644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91431",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91431"
},
{
"name": "40034",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40034/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-3644",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-03-23T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0107
Vulnerability from cvelistv5
Published
2010-02-23 20:00
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/62412 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/archive/1/509717/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id?1023630 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/38654 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/56357 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2010/0411 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1023631 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/38217 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1023628 | vdb-entry, x_refsource_SECTRACK | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1023629 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:53.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "62412",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/62412"
},
{
"name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
},
{
"name": "1023630",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023630"
},
{
"name": "38654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38654"
},
{
"name": "symantec-symltcom-activex-bo(56357)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
},
{
"name": "ADV-2010-0411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0411"
},
{
"name": "1023631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023631"
},
{
"name": "38217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38217"
},
{
"name": "1023628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023628"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
},
{
"name": "1023629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023629"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "62412",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/62412"
},
{
"name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
},
{
"name": "1023630",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023630"
},
{
"name": "38654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38654"
},
{
"name": "symantec-symltcom-activex-bo(56357)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
},
{
"name": "ADV-2010-0411",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0411"
},
{
"name": "1023631",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023631"
},
{
"name": "38217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38217"
},
{
"name": "1023628",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023628"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
},
{
"name": "1023629",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023629"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62412",
"refsource": "OSVDB",
"url": "http://osvdb.org/62412"
},
{
"name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
},
{
"name": "1023630",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023630"
},
{
"name": "38654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38654"
},
{
"name": "symantec-symltcom-activex-bo(56357)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
},
{
"name": "ADV-2010-0411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0411"
},
{
"name": "1023631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023631"
},
{
"name": "38217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38217"
},
{
"name": "1023628",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023628"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
},
{
"name": "1023629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023629"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0107",
"datePublished": "2010-02-23T20:00:00",
"dateReserved": "2009-12-31T00:00:00",
"dateUpdated": "2024-08-07T00:37:53.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0312
Vulnerability from cvelistv5
Published
2008-04-08 17:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1019753 | vdb-entry, x_refsource_SECTRACK | |
| http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1019751 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1019752 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/29660 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/1077/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/28507 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41629 | vdb-entry, x_refsource_XF | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:35.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1019753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019753"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"name": "1019751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019751"
},
{
"name": "1019752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019752"
},
{
"name": "29660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29660"
},
{
"name": "ADV-2008-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"name": "28507",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28507"
},
{
"name": "symantec-autofixtool-bo(41629)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
},
{
"name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1019753",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019753"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"name": "1019751",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019751"
},
{
"name": "1019752",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019752"
},
{
"name": "29660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29660"
},
{
"name": "ADV-2008-1077",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"name": "28507",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28507"
},
{
"name": "symantec-autofixtool-bo(41629)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
},
{
"name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1019753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019753"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"name": "1019751",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019751"
},
{
"name": "1019752",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019752"
},
{
"name": "29660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29660"
},
{
"name": "ADV-2008-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"name": "28507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28507"
},
{
"name": "symantec-autofixtool-bo(41629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
},
{
"name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0312",
"datePublished": "2008-04-08T17:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:35.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1689
Vulnerability from cvelistv5
Published
2007-05-16 20:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/1843 | vdb-entry, x_refsource_VUPEN | |
| http://www.symantec.com/avcenter/security/Content/2007.05.16.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/23936 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/36164 | vdb-entry, x_refsource_OSVDB | |
| http://www.securitytracker.com/id?1018073 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/25290 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.kb.cert.org/vuls/id/983953 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34328 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/468779/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1843"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.16.html"
},
{
"name": "23936",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23936"
},
{
"name": "36164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36164"
},
{
"name": "1018073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018073"
},
{
"name": "25290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25290"
},
{
"name": "VU#983953",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/983953"
},
{
"name": "symantec-islalert-bo(34328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34328"
},
{
"name": "20070516 Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/468779/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "ADV-2007-1843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1843"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.16.html"
},
{
"name": "23936",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23936"
},
{
"name": "36164",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36164"
},
{
"name": "1018073",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018073"
},
{
"name": "25290",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25290"
},
{
"name": "VU#983953",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/983953"
},
{
"name": "symantec-islalert-bo(34328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34328"
},
{
"name": "20070516 Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/468779/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2007-1689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1843"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.05.16.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.16.html"
},
{
"name": "23936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23936"
},
{
"name": "36164",
"refsource": "OSVDB",
"url": "http://osvdb.org/36164"
},
{
"name": "1018073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018073"
},
{
"name": "25290",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25290"
},
{
"name": "VU#983953",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/983953"
},
{
"name": "symantec-islalert-bo(34328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34328"
},
{
"name": "20070516 Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/468779/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2007-1689",
"datePublished": "2007-05-16T20:00:00",
"dateReserved": "2007-03-26T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1793
Vulnerability from cvelistv5
Published
2007-04-02 22:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-1192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1192"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
},
{
"name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
},
{
"name": "1021386",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021386"
},
{
"name": "1017837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017837"
},
{
"name": "23241",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23241"
},
{
"name": "1021388",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021388"
},
{
"name": "1021389",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021389"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
},
{
"name": "symantec-firewall-ssdt-dos(33352)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"name": "34692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34692"
},
{
"name": "1017838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017838"
},
{
"name": "1021387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021387"
},
{
"name": "24677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24677"
},
{
"name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-1192",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1192"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
},
{
"name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
},
{
"name": "1021386",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021386"
},
{
"name": "1017837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017837"
},
{
"name": "23241",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23241"
},
{
"name": "1021388",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021388"
},
{
"name": "1021389",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021389"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
},
{
"name": "symantec-firewall-ssdt-dos(33352)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"name": "34692",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34692"
},
{
"name": "1017838",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017838"
},
{
"name": "1021387",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021387"
},
{
"name": "24677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24677"
},
{
"name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-1192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1192"
},
{
"name": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php",
"refsource": "MISC",
"url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
},
{
"name": "20070401 Norton Multiple insufficient argument validation of hooked SSDT function Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
},
{
"name": "1021386",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021386"
},
{
"name": "1017837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017837"
},
{
"name": "23241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23241"
},
{
"name": "1021388",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021388"
},
{
"name": "1021389",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021389"
},
{
"name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php",
"refsource": "MISC",
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
},
{
"name": "symantec-firewall-ssdt-dos(33352)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
},
{
"name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php",
"refsource": "MISC",
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"name": "34692",
"refsource": "OSVDB",
"url": "http://osvdb.org/34692"
},
{
"name": "1017838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017838"
},
{
"name": "1021387",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021387"
},
{
"name": "24677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24677"
},
{
"name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1793",
"datePublished": "2007-04-02T22:00:00",
"dateReserved": "2007-04-02T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2955
Vulnerability from cvelistv5
Published
2007-08-09 21:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35944 | vdb-entry, x_refsource_XF | |
| http://www.symantec.com/avcenter/security/Content/2007.08.09.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1018547 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/secunia_research/2007-53/advisory/ | x_refsource_MISC | |
| http://www.vupen.com/english/advisories/2007/2822 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/25215 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1018546 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/24983 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1018545 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "symantec-navcomui-code-execution(35944)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"name": "1018547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018547"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"name": "ADV-2007-2822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2822"
},
{
"name": "25215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25215"
},
{
"name": "1018546",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018546"
},
{
"name": "24983",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24983"
},
{
"name": "1018545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018545"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "symantec-navcomui-code-execution(35944)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"name": "1018547",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018547"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"name": "ADV-2007-2822",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2822"
},
{
"name": "25215",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25215"
},
{
"name": "1018546",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018546"
},
{
"name": "24983",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24983"
},
{
"name": "1018545",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018545"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "symantec-navcomui-code-execution(35944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"name": "1018547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018547"
},
{
"name": "http://secunia.com/secunia_research/2007-53/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"name": "ADV-2007-2822",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2822"
},
{
"name": "25215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25215"
},
{
"name": "1018546",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018546"
},
{
"name": "24983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24983"
},
{
"name": "1018545",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018545"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-2955",
"datePublished": "2007-08-09T21:00:00",
"dateReserved": "2007-05-31T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3699
Vulnerability from cvelistv5
Published
2007-10-05 21:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/26053 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/2508 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/36119 | vdb-entry, x_refsource_OSVDB | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-039.html | x_refsource_MISC | |
| http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/24282 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:52.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26053"
},
{
"name": "ADV-2007-2508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"name": "36119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36119"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"name": "24282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26053"
},
{
"name": "ADV-2007-2508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"name": "36119",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36119"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"name": "24282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26053"
},
{
"name": "ADV-2007-2508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"name": "36119",
"refsource": "OSVDB",
"url": "http://osvdb.org/36119"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"name": "24282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3699",
"datePublished": "2007-10-05T21:00:00",
"dateReserved": "2007-07-11T00:00:00",
"dateUpdated": "2024-08-07T14:28:52.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0445
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1010146 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1010145 | vdb-entry, x_refsource_SECTRACK | |
| http://www.ciac.org/ciac/bulletins/o-141.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.kb.cert.org/vuls/id/682110 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/6100 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16132 | vdb-entry, x_refsource_XF | |
| http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html | x_refsource_CONFIRM | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html | mailing-list, x_refsource_FULLDISC | |
| http://securitytracker.com/id?1010144 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/11066 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/10336 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1010146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010146"
},
{
"name": "1010145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010145"
},
{
"name": "O-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"name": "VU#682110",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/682110"
},
{
"name": "6100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6100"
},
{
"name": "symantec-firewall-dns-dos(16132)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16132"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html"
},
{
"name": "1010144",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010144"
},
{
"name": "11066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11066"
},
{
"name": "10336",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1010146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010146"
},
{
"name": "1010145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010145"
},
{
"name": "O-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"name": "VU#682110",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/682110"
},
{
"name": "6100",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6100"
},
{
"name": "symantec-firewall-dns-dos(16132)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16132"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html"
},
{
"name": "1010144",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010144"
},
{
"name": "11066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11066"
},
{
"name": "10336",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10336"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1010146",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010146"
},
{
"name": "1010145",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010145"
},
{
"name": "O-141",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"name": "VU#682110",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/682110"
},
{
"name": "6100",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6100"
},
{
"name": "symantec-firewall-dns-dos(16132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16132"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html"
},
{
"name": "1010144",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010144"
},
{
"name": "11066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11066"
},
{
"name": "10336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10336"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0445",
"datePublished": "2004-05-20T04:00:00",
"dateReserved": "2004-05-04T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5404
Vulnerability from cvelistv5
Published
2006-10-19 01:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016988 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1016991 | vdb-entry, x_refsource_SECTRACK | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1016989 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/3929 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/22228 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1016990 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29366 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/20348 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016988",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "22228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "symantec-support-tool-info-disclosure(29366)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016988",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "22228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "symantec-support-tool-info-disclosure(29366)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016988",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016991"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "22228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "symantec-support-tool-info-disclosure(29366)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
},
{
"name": "20348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5404",
"datePublished": "2006-10-19T01:00:00",
"dateReserved": "2006-10-18T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5829
Vulnerability from cvelistv5
Published
2007-11-05 19:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1018890 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/38229 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/27488 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/26253 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1018889 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2007/3698 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/40864 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html"
},
{
"name": "1018890",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018890"
},
{
"name": "symantec-av-mac-privilege-escalation(38229)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38229"
},
{
"name": "27488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27488"
},
{
"name": "26253",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26253"
},
{
"name": "1018889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018889"
},
{
"name": "ADV-2007-3698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3698"
},
{
"name": "40864",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40864"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the \"Show Progress During Mount Scans\" option is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html"
},
{
"name": "1018890",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018890"
},
{
"name": "symantec-av-mac-privilege-escalation(38229)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38229"
},
{
"name": "27488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27488"
},
{
"name": "26253",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26253"
},
{
"name": "1018889",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018889"
},
{
"name": "ADV-2007-3698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3698"
},
{
"name": "40864",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40864"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the \"Show Progress During Mount Scans\" option is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html"
},
{
"name": "1018890",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018890"
},
{
"name": "symantec-av-mac-privilege-escalation(38229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38229"
},
{
"name": "27488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27488"
},
{
"name": "26253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26253"
},
{
"name": "1018889",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018889"
},
{
"name": "ADV-2007-3698",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3698"
},
{
"name": "40864",
"refsource": "OSVDB",
"url": "http://osvdb.org/40864"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5829",
"datePublished": "2007-11-05T19:00:00",
"dateReserved": "2007-11-05T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5403
Vulnerability from cvelistv5
Published
2006-10-19 01:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1016988 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1016991 | vdb-entry, x_refsource_SECTRACK | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1016989 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/3929 | vdb-entry, x_refsource_VUPEN | |
| http://www.kb.cert.org/vuls/id/400601 | third-party-advisory, x_refsource_CERT-VN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29363 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/22228 | third-party-advisory, x_refsource_SECUNIA | |
| http://securitytracker.com/id?1016990 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/20348 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:30.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1016988",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016991"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "VU#400601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/400601"
},
{
"name": "symantec-support-tool-activex-bo(29363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
},
{
"name": "22228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1016988",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016991"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "VU#400601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/400601"
},
{
"name": "symantec-support-tool-activex-bo(29363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
},
{
"name": "22228",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1016988",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016988"
},
{
"name": "1016991",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016991"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"name": "1016989",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016989"
},
{
"name": "ADV-2006-3929",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"name": "VU#400601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/400601"
},
{
"name": "symantec-support-tool-activex-bo(29363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
},
{
"name": "22228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22228"
},
{
"name": "1016990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016990"
},
{
"name": "20348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5403",
"datePublished": "2006-10-19T01:00:00",
"dateReserved": "2006-10-18T00:00:00",
"dateUpdated": "2024-08-07T19:48:30.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2207
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/91434 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/40031/ | exploit, x_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "91434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91434"
},
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40031",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40031/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "91434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91434"
},
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40031",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40031/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "91434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91434"
},
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40031",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40031/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2207",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-02-02T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0249
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.kb.cert.org/vuls/id/107822 | third-party-advisory, x_refsource_CERT-VN | |
| http://xforce.iss.net/xforce/alerts/id/187 | third-party-advisory, x_refsource_ISS | |
| http://securitytracker.com/id?1013133 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18869 | vdb-entry, x_refsource_XF | |
| http://www.symantec.com/avcenter/security/Content/2005.02.08.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#107822",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/107822"
},
{
"name": "20050208 Symantec AntiVirus Library Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/xforce/alerts/id/187"
},
{
"name": "1013133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013133"
},
{
"name": "upx-engine-gain-control(18869)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#107822",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/107822"
},
{
"name": "20050208 Symantec AntiVirus Library Heap Overflow",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/xforce/alerts/id/187"
},
{
"name": "1013133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013133"
},
{
"name": "upx-engine-gain-control(18869)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#107822",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/107822"
},
{
"name": "20050208 Symantec AntiVirus Library Heap Overflow",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/187"
},
{
"name": "1013133",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013133"
},
{
"name": "upx-engine-gain-control(18869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0249",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-02-08T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1346
Vulnerability from cvelistv5
Published
2005-04-28 04:00
Modified
2024-08-07 21:44
Severity ?
EPSS score ?
Summary
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:06.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:41:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1346",
"datePublished": "2005-04-28T04:00:00",
"dateReserved": "2005-04-28T00:00:00",
"dateUpdated": "2024-08-07T21:44:06.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0444
Vulnerability from cvelistv5
Published
2004-05-20 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6099"
},
{
"name": "VU#634414",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/634414"
},
{
"name": "1010146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010146"
},
{
"name": "1010145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010145"
},
{
"name": "VU#637318",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/637318"
},
{
"name": "10335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10335"
},
{
"name": "O-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html"
},
{
"name": "VU#294998",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/294998"
},
{
"name": "10333",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10333"
},
{
"name": "symantec-nbns-response-bo(16134)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16134"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html"
},
{
"name": "6101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6101"
},
{
"name": "6102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6102"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"name": "symantec-dns-response-bo(16137)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16137"
},
{
"name": "1010144",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010144"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html"
},
{
"name": "10334",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10334"
},
{
"name": "11066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11066"
},
{
"name": "symantec-firewalls-nbns-bo(16135)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6099",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6099"
},
{
"name": "VU#634414",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/634414"
},
{
"name": "1010146",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010146"
},
{
"name": "1010145",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010145"
},
{
"name": "VU#637318",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/637318"
},
{
"name": "10335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10335"
},
{
"name": "O-141",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html"
},
{
"name": "VU#294998",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/294998"
},
{
"name": "10333",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10333"
},
{
"name": "symantec-nbns-response-bo(16134)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16134"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html"
},
{
"name": "6101",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6101"
},
{
"name": "6102",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6102"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"name": "symantec-dns-response-bo(16137)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16137"
},
{
"name": "1010144",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010144"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html"
},
{
"name": "10334",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10334"
},
{
"name": "11066",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11066"
},
{
"name": "symantec-firewalls-nbns-bo(16135)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6099",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6099"
},
{
"name": "VU#634414",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/634414"
},
{
"name": "1010146",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010146"
},
{
"name": "1010145",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010145"
},
{
"name": "VU#637318",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/637318"
},
{
"name": "10335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10335"
},
{
"name": "O-141",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html"
},
{
"name": "VU#294998",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/294998"
},
{
"name": "10333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10333"
},
{
"name": "symantec-nbns-response-bo(16134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16134"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html"
},
{
"name": "6101",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6101"
},
{
"name": "6102",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6102"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"name": "symantec-dns-response-bo(16137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16137"
},
{
"name": "1010144",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010144"
},
{
"name": "20040512 EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html"
},
{
"name": "10334",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10334"
},
{
"name": "11066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11066"
},
{
"name": "symantec-firewalls-nbns-bo(16135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0444",
"datePublished": "2004-05-20T04:00:00",
"dateReserved": "2004-05-04T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0923
Vulnerability from cvelistv5
Published
2005-03-29 05:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1013586 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kb.cert.org/vuls/id/713620 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1013587 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/12924 | vdb-entry, x_refsource_BID | |
| http://securitytracker.com/id?1013585 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/14741 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:29.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#713620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/713620"
},
{
"name": "1013587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "12924",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12924"
},
{
"name": "1013585",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-05T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#713620",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/713620"
},
{
"name": "1013587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "12924",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12924"
},
{
"name": "1013585",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#713620",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/713620"
},
{
"name": "1013587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "12924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12924"
},
{
"name": "1013585",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0923",
"datePublished": "2005-03-29T05:00:00",
"dateReserved": "2005-03-29T00:00:00",
"dateUpdated": "2024-08-07T21:28:29.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5047
Vulnerability from cvelistv5
Published
2007-09-24 00:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/45897 | vdb-entry, x_refsource_OSVDB | |
| http://securityreason.com/securityalert/3161 | third-party-advisory, x_refsource_SREASON | |
| http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php | x_refsource_MISC | |
| http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/479830/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:17:28.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "45897",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45897"
},
{
"name": "3161",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3161"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "45897",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45897"
},
{
"name": "3161",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3161"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45897",
"refsource": "OSVDB",
"url": "http://osvdb.org/45897"
},
{
"name": "3161",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3161"
},
{
"name": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php",
"refsource": "MISC",
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"name": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php",
"refsource": "MISC",
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"name": "20070918 Plague in (security) software drivers \u0026 BSDOhook utility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5047",
"datePublished": "2007-09-24T00:00:00",
"dateReserved": "2007-09-23T00:00:00",
"dateUpdated": "2024-08-07T15:17:28.046Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0994
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/3428 | vdb-entry, x_refsource_OSVDB | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html | mailing-list, x_refsource_FULLDISC | |
| http://marc.info/?l=bugtraq&m=107393473928245&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.secnetops.biz/research/SRT2004-01-09-1022.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3428"
},
{
"name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"name": "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
},
{
"name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3428"
},
{
"name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"name": "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
},
{
"name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3428",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3428"
},
{
"name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"name": "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
},
{
"name": "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"refsource": "BUGTRAQ",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"name": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt",
"refsource": "MISC",
"url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0994",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-12-16T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.874Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1428
Vulnerability from cvelistv5
Published
2009-04-29 15:00
Modified
2024-08-07 05:13
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50170 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/1203 | vdb-entry, x_refsource_VUPEN | |
| http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/34669 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1022135 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1022134 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id?1022133 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/34936 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/54132 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:13:25.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "multiple-symantec-log-xss(50170)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50170"
},
{
"name": "ADV-2009-1203",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090428_01"
},
{
"name": "34669",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34669"
},
{
"name": "1022135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022135"
},
{
"name": "1022134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022134"
},
{
"name": "1022133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022133"
},
{
"name": "34936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34936"
},
{
"name": "54132",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54132"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to \"two parsing errors.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "multiple-symantec-log-xss(50170)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50170"
},
{
"name": "ADV-2009-1203",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090428_01"
},
{
"name": "34669",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34669"
},
{
"name": "1022135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022135"
},
{
"name": "1022134",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022134"
},
{
"name": "1022133",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022133"
},
{
"name": "34936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34936"
},
{
"name": "54132",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54132"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to \"two parsing errors.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "multiple-symantec-log-xss(50170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50170"
},
{
"name": "ADV-2009-1203",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1203"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090428_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090428_01"
},
{
"name": "34669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34669"
},
{
"name": "1022135",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022135"
},
{
"name": "1022134",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022134"
},
{
"name": "1022133",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022133"
},
{
"name": "34936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34936"
},
{
"name": "54132",
"refsource": "OSVDB",
"url": "http://osvdb.org/54132"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1428",
"datePublished": "2009-04-29T15:00:00",
"dateReserved": "2009-04-24T00:00:00",
"dateUpdated": "2024-08-07T05:13:25.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0447
Vulnerability from cvelistv5
Published
2007-10-05 21:00
Modified
2024-08-07 12:19
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/26053 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2007/2508 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/36118 | vdb-entry, x_refsource_OSVDB | |
| http://www.zerodayinitiative.com/advisories/ZDI-07-040.html | x_refsource_MISC | |
| http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/24282 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:30.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26053"
},
{
"name": "ADV-2007-2508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"name": "36118",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"name": "24282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26053",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26053"
},
{
"name": "ADV-2007-2508",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"name": "36118",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"name": "24282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26053"
},
{
"name": "ADV-2007-2508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"name": "36118",
"refsource": "OSVDB",
"url": "http://osvdb.org/36118"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"name": "24282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0447",
"datePublished": "2007-10-05T21:00:00",
"dateReserved": "2007-01-23T00:00:00",
"dateUpdated": "2024-08-07T12:19:30.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1695
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
Severity ?
EPSS score ?
Summary
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/3888 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/7919 | vdb-entry, x_refsource_XF | |
| http://online.securityfocus.com/archive/1/250591 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:55.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3888"
},
{
"name": "iis-modify-log(7919)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
},
{
"name": "20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/250591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3888"
},
{
"name": "iis-modify-log(7919)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
},
{
"name": "20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/250591"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3888"
},
{
"name": "iis-modify-log(7919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
},
{
"name": "20020114 NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/250591"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1695",
"datePublished": "2005-06-21T04:00:00",
"dateReserved": "2005-06-21T00:00:00",
"dateUpdated": "2024-08-08T03:34:55.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0922
Vulnerability from cvelistv5
Published
2005-03-29 05:00
Modified
2024-08-07 21:28
Severity ?
EPSS score ?
Summary
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/12923 | vdb-entry, x_refsource_BID | |
| http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1013586 | vdb-entry, x_refsource_SECTRACK | |
| http://www.kb.cert.org/vuls/id/146020 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1013587 | vdb-entry, x_refsource_SECTRACK | |
| http://securitytracker.com/id?1013585 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/14741 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:29.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12923",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12923"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#146020",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/146020"
},
{
"name": "1013587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "1013585",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-04-05T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12923",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12923"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#146020",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/146020"
},
{
"name": "1013587",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "1013585",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14741"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12923"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#146020",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/146020"
},
{
"name": "1013587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "1013585",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14741"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0922",
"datePublished": "2005-03-29T05:00:00",
"dateReserved": "2005-03-29T00:00:00",
"dateUpdated": "2024-08-07T21:28:29.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3645
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/40035/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/91439 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40035",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40035/"
},
{
"name": "91439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40035",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40035/"
},
{
"name": "91439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-3645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40035",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40035/"
},
{
"name": "91439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-3645",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-03-23T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0375
Vulnerability from cvelistv5
Published
2004-05-05 04:00
Modified
2024-08-08 00:17
Severity ?
EPSS score ?
Summary
SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1009379 | vdb-entry, x_refsource_SECTRACK | |
| http://www.symantec.com/avcenter/security/Content/2004.04.20.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id?1009380 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15433 | vdb-entry, x_refsource_XF | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15936 | vdb-entry, x_refsource_XF | |
| http://www.eeye.com/html/Research/Upcoming/20040309.html | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=108275582432246&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/9912 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:17:14.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1009379",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"
},
{
"name": "1009380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009380"
},
{
"name": "norton-firewalls-dos(15433)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"
},
{
"name": "symantec-firewall-tcp-dos(15936)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"
},
{
"name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2"
},
{
"name": "9912",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9912"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1009379",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"
},
{
"name": "1009380",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009380"
},
{
"name": "norton-firewalls-dos(15433)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"
},
{
"name": "symantec-firewall-tcp-dos(15936)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"
},
{
"name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2"
},
{
"name": "9912",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9912"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1009379",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009379"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"
},
{
"name": "1009380",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009380"
},
{
"name": "norton-firewalls-dos(15433)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"
},
{
"name": "symantec-firewall-tcp-dos(15936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"
},
{
"name": "http://www.eeye.com/html/Research/Upcoming/20040309.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"
},
{
"name": "20040423 EEYE: Symantec Multiple Firewall TCP Options Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2"
},
{
"name": "9912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9912"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0375",
"datePublished": "2004-05-05T04:00:00",
"dateReserved": "2004-03-29T00:00:00",
"dateUpdated": "2024-08-08T00:17:14.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1836
Vulnerability from cvelistv5
Published
2006-04-19 16:00
Modified
2024-08-07 17:27
Severity ?
EPSS score ?
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/100 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/17571 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2006/1386 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/archive/1/431318/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://securitytracker.com/id?1015953 | vdb-entry, x_refsource_SECTRACK | |
| http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/19682 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25839 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015953"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1836",
"datePublished": "2006-04-19T16:00:00",
"dateReserved": "2006-04-19T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3673
Vulnerability from cvelistv5
Published
2007-07-15 21:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/26042 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35347 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/22351 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/2507 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/36117 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1018372 | vdb-entry, x_refsource_SECTRACK | |
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554 | third-party-advisory, x_refsource_IDEFENSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:51.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26042",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
},
{
"name": "symantec-multi-symtdi-privilege-escalation(35347)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
},
{
"name": "22351",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22351"
},
{
"name": "ADV-2007-2507",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2507"
},
{
"name": "36117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36117"
},
{
"name": "1018372",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1018372"
},
{
"name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26042",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
},
{
"name": "symantec-multi-symtdi-privilege-escalation(35347)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
},
{
"name": "22351",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22351"
},
{
"name": "ADV-2007-2507",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2507"
},
{
"name": "36117",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36117"
},
{
"name": "1018372",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1018372"
},
{
"name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26042"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
},
{
"name": "symantec-multi-symtdi-privilege-escalation(35347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
},
{
"name": "22351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22351"
},
{
"name": "ADV-2007-2507",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2507"
},
{
"name": "36117",
"refsource": "OSVDB",
"url": "http://osvdb.org/36117"
},
{
"name": "1018372",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1018372"
},
{
"name": "20070711 Symantec AntiVirus symtdi.sys Local Privilege Escalation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3673",
"datePublished": "2007-07-15T21:00:00",
"dateReserved": "2007-07-10T00:00:00",
"dateUpdated": "2024-08-07T14:28:51.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5311
Vulnerability from cvelistv5
Published
2020-01-09 19:30
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/94295 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1037323 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1037324 | x_refsource_MISC | |
| http://www.securitytracker.com/id/1037325 | x_refsource_MISC | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||
|---|---|---|---|---|---|---|---|
| ▼ | Symantec | Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360 |
Version: before 22.7 |
||||
|
|||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:58.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94295"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037324"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037325"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "before 22.7"
}
]
},
{
"product": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
"vendor": "Symantec",
"versions": [
{
"status": "affected",
"version": "before 22.8.0.50"
}
]
}
],
"datePublic": "2016-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "untrusted search path",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-09T19:30:52",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/94295"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1037323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1037324"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id/1037325"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-5311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360",
"version": {
"version_data": [
{
"version_value": "before 22.7"
}
]
}
},
{
"product_name": "Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client",
"version": {
"version_data": [
{
"version_value": "before 22.8.0.50"
}
]
}
}
]
},
"vendor_name": "Symantec"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "untrusted search path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/94295",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/94295"
},
{
"name": "http://www.securitytracker.com/id/1037323",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1037323"
},
{
"name": "http://www.securitytracker.com/id/1037324",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1037324"
},
{
"name": "http://www.securitytracker.com/id/1037325",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id/1037325"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-5311",
"datePublished": "2020-01-09T19:30:52",
"dateReserved": "2016-06-06T00:00:00",
"dateUpdated": "2024-08-06T01:00:58.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2211
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/91438 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91438"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-31T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91438"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "91438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91438"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2211",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-02-02T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-2210
Vulnerability from cvelistv5
Published
2016-06-30 23:00
Modified
2024-08-05 23:24
Severity ?
EPSS score ?
Summary
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036199 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1036198 | vdb-entry, x_refsource_SECTRACK | |
| https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | x_refsource_CONFIRM | |
| https://www.exploit-db.com/exploits/40032/ | exploit, x_refsource_EXPLOIT-DB | |
| http://www.securityfocus.com/bid/91437 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40032",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/40032/"
},
{
"name": "91437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91437"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "1036199",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40032",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/40032/"
},
{
"name": "91437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91437"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2016-2210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1036199",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036199"
},
{
"name": "1036198",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036198"
},
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"name": "40032",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40032/"
},
{
"name": "91437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91437"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2016-2210",
"datePublished": "2016-06-30T23:00:00",
"dateReserved": "2016-02-02T00:00:00",
"dateUpdated": "2024-08-05T23:24:48.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-01-09 20:15
Modified
2024-11-21 02:54
Severity ?
Summary
A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99BAFC5B-CF3B-4B6E-A9FF-4426FB4F1C36",
"versionEndExcluding": "22.8.0.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection_cloud:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DB3235B-B116-477F-A615-CA4D725A4102",
"versionEndExcluding": "22.8.0.50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB28D86F-DCDE-4034-B166-B3932FB6830D",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2725D6BB-F411-4A0F-A68F-A40AE3D76F51",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70D5D6E1-4E7C-44B9-8CC8-1B0EB5ADD462",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_family:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB88FB9-8802-4902-B430-4D4F77ECFB0A",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03C6560F-041D-4BDB-A857-359F22C93C60",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93566F86-6E3B-4C8F-8CA5-6C1662AEEDED",
"versionEndExcluding": "22.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53AAF3FD-F59A-4F2D-80E7-2D415C28431C",
"versionEndExcluding": "22.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podr\u00eda permitir a un usuario malicioso local obtener privilegios system."
}
],
"id": "CVE-2016-5311",
"lastModified": "2024-11-21T02:54:04.670",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-09T20:15:11.163",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94295"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037323"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037324"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037325"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/94295"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037324"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20161117_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-02 22:19
Modified
2024-11-21 00:29
Severity ?
Summary
SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EEB639EF-B434-42ED-A162-A2593FA78E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "5BA427D2-2F74-4314-B68A-164E2B6B0240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.1.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "549049F7-2698-4F68-A1D0-1E4546B9EB23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.2:*:corporate:*:*:*:*:*",
"matchCriteriaId": "3E86D9CE-8A86-498B-B3A3-8988274A91E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.2.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "BBF13A92-83EF-44EE-AD87-BA0CF8FF266D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.2.2:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D92B456D-A69E-4B10-8F74-D3DFC242F641",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.3:*:corporate:*:*:*:*:*",
"matchCriteriaId": "643AF180-138C-472A-8BC5-B8B028E77CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.4:*:corporate:*:*:*:*:*",
"matchCriteriaId": "0D56068D-CEF2-46B7-9914-36AB961839C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.5:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C8ADDF27-67FF-41D7-BF2E-87AE06FDECD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.6:*:corporate:*:*:*:*:*",
"matchCriteriaId": "002290DD-589E-404F-BFC0-A1239D0E92E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.7:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D2854BCF-2D37-4BE9-A590-7E25DF443EFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.8:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4BDB19A7-8DFA-43AD-9C44-16BBCF4531B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.9:*:corporate:*:*:*:*:*",
"matchCriteriaId": "ED683B68-530A-436F-A49B-32890EDFAC93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB1C90D-DBC0-4DA0-AF5D-E42C41E84B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "2852548A-39A6-44FB-A73E-96507BA0CD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9641FC-FF7B-4413-8163-B795AA35C888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
"matchCriteriaId": "17862D7F-7001-46B8-A415-2A15A247E9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
"matchCriteriaId": "170AEE7B-31AF-44E2-9B63-9703D0DE721C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*",
"matchCriteriaId": "E651C9BE-201B-4DDC-A650-F9269531290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56EA0BAC-ED6D-45D2-995C-18B828906E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
"matchCriteriaId": "63B1A9FC-707C-4F6F-959B-30B28E43D202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
"matchCriteriaId": "87E4E013-A819-42E0-8F8E-9B2D409F900E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
"matchCriteriaId": "097B87A8-8176-4426-BDE4-6FDDD272E1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBD7767-C352-435B-8963-83F723FFD302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FC1708-B643-4489-A59C-EBDAFD9B0078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
"matchCriteriaId": "EE714705-CEE9-4BA1-8573-FD3765BC7F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*",
"matchCriteriaId": "17110872-8BD5-4CB0-9F2A-B18D091A7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*",
"matchCriteriaId": "9D29AD07-6545-4180-8E32-C18586684845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00819E08-CC5C-48FC-9F80-95B68AB19C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28BC22-ABF0-4F1E-BA83-85B398775450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antispam:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "44553774-85FF-4F2E-81CA-696A454EAA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5E129A-4FA8-4084-92BE-5A65FABD53DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "FA990FD5-DF2F-470A-936D-155A36BEDE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5F3CB3-7EB3-416C-AD2F-6357DC7248CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C890A979-00E7-44E6-8CEA-8E4B2C966622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8C73F1-FEF1-40A3-BFAB-CE226B98E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC50007-59F4-45B0-BABF-BCF2CAB4A9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "F589D9AA-FD1B-4929-93DC-801C36087E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected."
},
{
"lang": "es",
"value": "El archivo SPBBCDrv.sys en Symantec Norton Personal Firewall 2006 versiones 9.1.0.33 y 9.1.1.7 no comprueba ciertos argumentos antes de ser pasado hacia los controladores de la funci\u00f3n SSDT enlazada, lo que permite a los usuarios locales causar una denegaci\u00f3n de servicio (bloqueo) o posiblemente ejecutar c\u00f3digo arbitrario por medio de argumentos creados para las funciones (1) NtCreateMutant y (2) NtOpenEvent. NOTA: m\u00e1s tarde se inform\u00f3 que Norton Internet Security 2008 versi\u00f3n 15.0.0.60, y posiblemente otras versiones de 2006, tambi\u00e9n se ven afectados."
}
],
"id": "CVE-2007-1793",
"lastModified": "2024-11-21T00:29:10.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-02T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34692"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24677"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23241"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1017837"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1017838"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021386"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021387"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021388"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021389"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1192"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.12.12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/Norton-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/464456/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/23241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1017837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1017838"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021387"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33352"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-09-24 00:17
Modified
2024-11-21 00:37
Severity ?
Summary
Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_internet_security | 2008_15.0.0.60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008_15.0.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "A49150E7-0E5C-4EF6-A1CD-36B55E421F4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793."
},
{
"lang": "es",
"value": "Norton Internet Security 2008 15.0.0.60 no valida de forma adecuada ciertos par\u00e1metros en los manejadores de la funci\u00f3n System Service Descriptor Table (SSDT), el cual permite a usuarios locales provocar denegaci\u00f3n de servicio (caida) y posiblemente ganar privilegios a trav\u00e9s del secuestro de NtOpenSection kernel SSDT. NOTA: las funciones NtCreateMutant y NtOpenEvent est\u00e1n cubiertas por CVE-2007-1793."
}
],
"id": "CVE-2007-5047",
"lastModified": "2024-11-21T00:37:01.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-09-24T00:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45897"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3161"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3161"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/479830/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_antivirus | 2.1 | |
| symantec | norton_antivirus | 2005 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_system_works | 2004_professional | |
| symantec | norton_system_works | 2005_premier |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
"matchCriteriaId": "A9415109-C554-40F6-851E-CC016951BDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004_professional:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EEBC3A-58D9-4107-9561-106A9F3B0C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005_premier:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E481D2-87F3-4912-BB87-5168C6A1BE23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type."
}
],
"id": "CVE-2005-0922",
"lastModified": "2024-11-20T23:56:11.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013585"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013586"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013587"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/146020"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/146020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12923"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-08 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5797D88E-6D89-46F9-AC32-154754D6B856",
"versionEndExcluding": "4.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95436CD6-8E9C-4F89-9683-0650F6167027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC910CFD-9F20-473E-BC2D-64A7A3C14404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*",
"matchCriteriaId": "BE15AE1D-8647-444F-90F0-FC658A3AC344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*",
"matchCriteriaId": "0C03FA86-F2E6-4E41-8368-E917C91D7837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*",
"matchCriteriaId": "95BF74F0-40F1-4395-AC85-E6B566950C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*",
"matchCriteriaId": "994CB184-AFE8-4673-ACE8-085813F1E71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*",
"matchCriteriaId": "85CF6FFB-4189-4558-A70D-DE6D4C0C1F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*",
"matchCriteriaId": "31D6A148-A92C-4FCA-8762-16764D62C363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*",
"matchCriteriaId": "3E6E2EA2-88DA-4DF0-9AA3-3E3D2C80C04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:*:*:*:*:*:*:*",
"matchCriteriaId": "FB47C16B-5221-4D64-BDB2-65D072A66C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:*:*:*:*:*:*:*",
"matchCriteriaId": "204F2046-F116-45D7-9256-179A3B59886A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0C67C0-3CF1-4BAD-A673-9B783E1D0724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:*:*:*:*:*:*:*",
"matchCriteriaId": "274EA5DA-9519-46DE-B11E-87BDF1978E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr5_build_8.1.1.336:*:*:*:*:*:*:*",
"matchCriteriaId": "044C020A-0BCC-4037-BC32-73385A0BE019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:gateway_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A939A3CE-BFBB-4950-A0D3-D5731AABF602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:gateway_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC7324C-0415-4349-A625-04A8209D7709",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:gateway_security:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "031C9545-1CF1-46EF-B79C-7AD69E1B1C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*",
"matchCriteriaId": "DA6CFDFD-1EB4-458A-AD39-320E619593D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build_458:exchange:*:*:*:*:*",
"matchCriteriaId": "15436586-B0EE-40F4-9051-90953CF3684D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build_459:exchange:*:*:*:*:*",
"matchCriteriaId": "96290C64-A507-46B6-908D-AD567A21899F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build_461:exchange:*:*:*:*:*",
"matchCriteriaId": "2955A350-222F-4AD9-9745-9468D46503F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*",
"matchCriteriaId": "5CA62889-7A55-459F-BFD8-D38CD93F9219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2.18_build_83:*:exchange:*:*:*:*:*",
"matchCriteriaId": "3E906A81-4081-438E-948C-FC82BF7203F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.319:*:corporate:*:*:*:*:*",
"matchCriteriaId": "E626F14C-FDE9-4C6A-8CE7-B99CD4FEE485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.323:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EC4CFE5A-4D51-405D-B92E-37DE4E617ABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.329:*:corporate:*:*:*:*:*",
"matchCriteriaId": "727A116A-D18C-4F3F-A6A8-2C6107FFB8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1_build8.1.1.314a:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4A6612F1-4CA8-427A-AED4-854F943BA3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.434:*:corporate:*:*:*:*:*",
"matchCriteriaId": "8BB225A0-7FB9-4AD2-8ED2-5CC1AEBAAB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.437:*:corporate:*:*:*:*:*",
"matchCriteriaId": "9603C423-F24A-4607-B721-D02EDA94AE8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.446:*:corporate:*:*:*:*:*",
"matchCriteriaId": "574AAAA6-8181-457B-84CE-5AEB1895E3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.457:*:corporate:*:*:*:*:*",
"matchCriteriaId": "DF957AD3-B6E5-4BD7-832F-33E734817B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.460:*:corporate:*:*:*:*:*",
"matchCriteriaId": "14D862F4-BE5F-4E6B-9955-ACFB48A5D3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.464:*:corporate:*:*:*:*:*",
"matchCriteriaId": "768B7F5E-E4AD-420E-92FA-A58E1AE3D1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.471:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C15B7FEA-E6A9-4DBE-B1A9-E17E91512A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh_corporate:*:*:*:*:*",
"matchCriteriaId": "DFD3D01C-9169-4CFE-9EA0-61D32BFA8943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:windows:*:*:*:*:*",
"matchCriteriaId": "A7FC3B67-D36C-4C9F-B5DC-8FBE3D6E9E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:windows:*:*:*:*:*",
"matchCriteriaId": "676BCD67-231B-409B-AE6B-D00314C30C9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:aix:*:*:*:*:*",
"matchCriteriaId": "20030FF8-7275-4AFB-A051-C78F3D3990D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:sav_filter_domino_nt_ports:build3.0.5:*:os_400:*:*:*:*:*",
"matchCriteriaId": "4CD83506-91E9-4556-A993-8FDD31FBDF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:sav_filter_for_domino_nt:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4004DB50-022B-48C9-B9E5-5110DF37A0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.59:*:*:*:*:*:*:*",
"matchCriteriaId": "B05B8522-E203-49A0-8C5B-3DA7B06AF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.60:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD064CE-3C39-4243-B59E-CC8E48ED50DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9886B467-793C-4D07-9B1B-B80FA5266D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.62:*:*:*:*:*:*:*",
"matchCriteriaId": "676F5A96-B21B-49FF-86EA-F18F9C3931C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.63:*:*:*:*:*:*:*",
"matchCriteriaId": "18991132-C5B6-43AB-BDCB-196BB2957F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.67:*:*:*:*:*:*:*",
"matchCriteriaId": "42CE2596-83A9-4A80-A8C6-825EDEAAB8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.68:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA16BAF-6263-44EA-B3EB-187264913D8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
}
],
"id": "CVE-2005-0249",
"lastModified": "2024-11-20T23:54:43.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-08T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1013133"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/107822"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/187"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://securitytracker.com/id?1013133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/107822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/xforce/alerts/id/187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-16 21:19
Modified
2024-11-21 00:28
Severity ?
Summary
The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:scf_7.1:*:*:*:*:*",
"matchCriteriaId": "97AF14CF-3BD6-4A03-B543-3150C656198E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:build_9.0.0.338:*:*:*:*:*:*",
"matchCriteriaId": "5F68FB11-C830-4579-A29D-0E2A57CDE9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:build_9.0.0.338:stm:*:*:*:*:*",
"matchCriteriaId": "8A1E2653-A061-48BD-AC62-643CDD78E859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "251E7DE8-4485-438E-B62D-1BF508ECCCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1:*:*:*:*:*:*",
"matchCriteriaId": "D934F853-C7E0-421E-9AF3-B7B49228722F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "742DB20E-AB26-4CF4-A383-BDCF3FBA448F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.2_build_9.0.2.1000:mr2:*:*:*:*:*:*",
"matchCriteriaId": "D608AACF-A4BC-49CE-BE49-E8F3AEF31DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E4BCD7-E441-417A-8C52-E1DE80AD67CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3:*:*:*:*:*:*",
"matchCriteriaId": "3238894A-3C25-4CC8-A319-8AA7246FEC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D86F7A-F2C0-471C-8EA8-E1C7230F25AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.4:mr4_build1000:*:*:*:*:*:*",
"matchCriteriaId": "11C1491F-01A1-47B1-87BB-6F7676448A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A0AFF82-E613-40E2-AAD5-37241294D981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.5_build_1100:*:*:*:*:*:*:*",
"matchCriteriaId": "69E9F1EE-CB23-42DE-8787-7F477D16329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.5_build_1100_mp1:mr5:*:*:*:*:*:*",
"matchCriteriaId": "9204DC08-0809-4762-B5CB-5485E67CA31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7FF193-6B91-4ED7-AF00-1D201C98BAFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.6:mr6:*:*:*:*:*:*",
"matchCriteriaId": "841CF36F-14A0-49A6-8442-681F25DC8DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0_scf_7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C2D813-C219-4FF3-9C3B-DBB855480492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0_stm_build_9.0.0.338:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A00A25-A52F-4E9D-AAD0-194171C772FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5324D40A-76EA-4CC4-A1B1-971069A4E161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB1C90D-DBC0-4DA0-AF5D-E42C41E84B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "2852548A-39A6-44FB-A73E-96507BA0CD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9641FC-FF7B-4413-8163-B795AA35C888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
"matchCriteriaId": "17862D7F-7001-46B8-A415-2A15A247E9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
"matchCriteriaId": "170AEE7B-31AF-44E2-9B63-9703D0DE721C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*",
"matchCriteriaId": "E651C9BE-201B-4DDC-A650-F9269531290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56EA0BAC-ED6D-45D2-995C-18B828906E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
"matchCriteriaId": "63B1A9FC-707C-4F6F-959B-30B28E43D202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
"matchCriteriaId": "87E4E013-A819-42E0-8F8E-9B2D409F900E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
"matchCriteriaId": "097B87A8-8176-4426-BDE4-6FDDD272E1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBD7767-C352-435B-8963-83F723FFD302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FC1708-B643-4489-A59C-EBDAFD9B0078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
"matchCriteriaId": "EE714705-CEE9-4BA1-8573-FD3765BC7F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*",
"matchCriteriaId": "17110872-8BD5-4CB0-9F2A-B18D091A7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*",
"matchCriteriaId": "9D29AD07-6545-4180-8E32-C18586684845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antispam:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "44553774-85FF-4F2E-81CA-696A454EAA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:3.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "2D76AF2F-3DBA-4E78-B999-08F2302CFB4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D9E85FD6-9E89-4497-854C-60A20639CE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0.338:*:corporate:*:*:*:*:*",
"matchCriteriaId": "91F70069-D0F2-41D8-862F-2162CE12D49F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "2860637E-6FA5-445A-86B5-E9F2D2D7DD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EDF0DA40-1AC4-4610-AEAC-F431E23BAEAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "018D1F3B-BAFC-461E-B833-9E0F98A6533D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4B9AED5E-2D66-4EB2-95CC-158D909AAE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "5696AC09-E8BB-4060-9A81-EA2B190B850A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C18E6605-5F86-4957-AE16-80F59F40110E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate:*:*:*:*:*",
"matchCriteriaId": "56D54011-9B09-4C63-8301-609C03E51099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5:*:corporate:*:*:*:*:*",
"matchCriteriaId": "9EF7F7F6-FC6B-4258-AE1D-3E4C19B365B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A10DA055-1F24-4AFD-A688-58D1DB4FB64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.6.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "19859DA5-66FB-4CFB-8FC4-0825E38C0381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "CAC5389A-8B18-40C4-A3E0-E50B6AA724FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C86261D8-47C4-4476-925E-71E961A5242A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1007:*:corporate:*:*:*:*:*",
"matchCriteriaId": "7544F4F3-D3A8-4814-9727-6077542FC404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1008:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A5994802-8D88-4492-9CA3-D6263A78DC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "88090CD5-A324-4A41-A55E-9381FBC14B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2001:*:corporate:*:*:*:*:*",
"matchCriteriaId": "78E79E4D-E93B-4C6C-92EE-1E33EE1AEB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2002:*:corporate:*:*:*:*:*",
"matchCriteriaId": "F6E6EC72-9B83-4685-B48E-25E4211EC280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2010:*:corporate:*:*:*:*:*",
"matchCriteriaId": "275187A5-FB3A-41C2-A6F4-F2DC9D88D0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2011:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A7F0C0E9-9665-452E-A382-04656F2009AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2020:*:corporate:*:*:*:*:*",
"matchCriteriaId": "6A220194-CCB1-41F6-9CB0-A79C2E5E36FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4:*:corporate:*:*:*:*:*",
"matchCriteriaId": "DA2BB94A-9561-4B92-8BEF-1377E77D2A31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4.4010:*:corporate:*:*:*:*:*",
"matchCriteriaId": "7EF25D8D-CE96-43B7-BA96-7AF61D0514D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.394:*:corporate:*:*:*:*:*",
"matchCriteriaId": "E344EFB5-A340-4226-B79B-CB0DB824BA9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*",
"matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*",
"matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EBBB8F-C17F-4E15-ADA6-1E8E572954BF",
"versionEndIncluding": "2006_9.1.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5F3CB3-7EB3-416C-AD2F-6357DC7248CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C890A979-00E7-44E6-8CEA-8E4B2C966622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8C73F1-FEF1-40A3-BFAB-CE226B98E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver\u0027s \\Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855."
},
{
"lang": "es",
"value": "El controlador de dispositivo SymTDI (SYMTDI.SYS) en Symantec Norton Personal Firewall 2006 versi\u00f3n 9.1.1.7 y anteriores, Internet Security 2005 y 2006, AntiVirus Corporate Edition versi\u00f3n 3.0.x hasta 10.1.x, y otros productos Norton, permiten a los usuarios locales causar una denegaci\u00f3n de servicio (bloqueo de sistema) al enviar datos creados al archivo \\Device del controlador, que activa un acceso a la memoria no v\u00e1lido, una vulnerabilidad diferente a la CVE-2006-4855."
}
],
"id": "CVE-2007-1476",
"lastModified": "2024-11-21T00:28:24.377",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35088"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2438"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018656"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22977"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=117396596027148\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymTDI-driver-input-buffer.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/462926/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2007.09.05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33003"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-19 16:06
Modified
2024-11-21 00:09
Severity ?
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | liveupdate | 3.0 | |
| symantec | liveupdate | 3.0.1 | |
| symantec | liveupdate | 3.0.2 | |
| symantec | liveupdate | 3.0.3 | |
| symantec | liveupdate | 3.5 | |
| symantec | norton_antivirus | 9.0.0 | |
| symantec | norton_antivirus | 9.0.1 | |
| symantec | norton_antivirus | 9.0.2 | |
| symantec | norton_antivirus | 9.0.3 | |
| symantec | norton_antivirus | 10.0 | |
| symantec | norton_antivirus | 10.0.0 | |
| symantec | norton_antivirus | 10.0.1 | |
| symantec | norton_antivirus | 10.9.1 | |
| symantec | norton_internet_security | 3.0 | |
| symantec | norton_personal_firewall | 3.0 | |
| symantec | norton_personal_firewall | 3.1 | |
| symantec | norton_system_works | 3.0 | |
| symantec | norton_utilities | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "05EE17B2-8E91-4413-A35A-183C3000B6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B3F2C272-73E6-4D07-A72D-145A6BF1818C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "50D20D8E-A7D7-4DD6-9918-2E609A7D7620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "749C0B32-9669-4CD6-8615-BCD76C768532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "E72D8D65-340C-4505-AA80-F9E7870513EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "FF0903BD-3E78-4024-A773-16100F519B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "1B390577-F1F1-4821-90FB-967E749F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "44073E2A-A8AB-4D1A-BCFC-8439E40E97E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "9CC3459D-1F86-48A4-9DC2-0E542AEAC97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "608F8ECE-F8A9-4659-9ED7-79ADD61E5099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "F648A08A-24EF-45A5-B7FD-00CAD5892061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "DCB3EF92-1CEA-4E57-94E7-0C596998F4CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"id": "CVE-2006-1836",
"lastModified": "2024-11-21T00:09:52.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-19T16:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19682"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/100"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015953"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-08 17:05
Modified
2024-11-21 00:41
Severity ?
Summary
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_360 | 1.0 | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_antivirus | 2007 | |
| symantec | norton_antivirus | 2008 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_internet_security | 2007 | |
| symantec | norton_internet_security | 2008 | |
| symantec | system_works | 2006 | |
| symantec | system_works | 2007 | |
| symantec | system_works | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00819E08-CC5C-48FC-9F80-95B68AB19C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "FA990FD5-DF2F-470A-936D-155A36BEDE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "9881BFC2-6DCC-477E-B672-5BBCF42C1C79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:system_works:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "7479C14D-E9BB-4D39-B9E1-0ACBA7CE424B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:system_works:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "D2A0C983-021B-4B77-A0D4-CD07C55916AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share."
},
{
"lang": "es",
"value": "El m\u00e9todo ActiveDataInfo.LaunchProcess en el control ActiveX 2.7.0.1 SymAData.ActiveDataInfo.1 en SYMADATA.DLL sobre m\u00faltiples productos Symantec Norton incluyendo Norton 360 1.0, AntiVirus 2006 al 2008, Internet Security 2006 al 2008, y System Works 2006 al 2008, no es capaz de determinar correctamente la ubicaci\u00f3n de AutoFix Tool, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un recurso compartido del tipo (1) WebDAV o (2) SMB."
}
],
"id": "CVE-2008-0313",
"lastModified": "2024-11-21T00:41:39.137",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-08T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29660"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28509"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019751"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019752"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019753"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41631"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:48
Severity ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB9099B-FB1D-439B-BEAC-23D199542256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4AED9F60-CCEA-43EF-93B4-2C13F5574BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "24F42E84-1AB9-45CF-ABE7-17911915606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A5393B-BC84-4590-9779-3A6752EC767F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression."
},
{
"lang": "es",
"value": "El motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en veriones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1; y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (violaci\u00f3n de acceso a memoria) a trav\u00e9s de un archivo RAR manipulado que es manejado incorrectamente durante la descompresi\u00f3n."
}
],
"id": "CVE-2016-2207",
"lastModified": "2024-11-21T02:48:02.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:01.150",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91434"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40031/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40031/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-05 21:17
Modified
2024-11-21 00:25
Severity ?
Summary
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2AD14C-2BD2-4658-BDB0-232A9E26EA2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "1E739083-DFC2-4A89-9F84-E067E127D420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E65DC45B-8FA9-453E-8249-45535EA64D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DA3717-A218-459B-891C-F3F945D42A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F11687CE-E997-4D26-ACAE-B9175348ADDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*",
"matchCriteriaId": "2F90AD67-02CB-4006-B567-631FD633DB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "BC0F87D0-E4B5-41FC-8050-386B9CE04249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*",
"matchCriteriaId": "FBBFF303-3DD6-4312-94CD-37E5170A93AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:network_attached_storage:*:*:*:*:*",
"matchCriteriaId": "59962A9A-10F4-4F1B-A5AB-8743C0874963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "346F8C27-F389-412C-B7C2-2CF3344E557C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "51170553-03E8-4588-97A0-8DA57C37B5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.8.29:*:*:*:*:*:*:*",
"matchCriteriaId": "A32C5A4C-9E39-4718-8BF1-283183B4A516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "301B1340-A402-4D3E-AAF8-17CD8B59517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:caching:*:*:*:*:*",
"matchCriteriaId": "52CE5595-323D-45A2-BD05-C6B2CBD6BA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "3042D5B7-AE27-4664-87DB-679422029199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:messaging:*:*:*:*:*",
"matchCriteriaId": "671CBE65-1FCF-43B8-8D21-5C8CC7C17417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:microsoft_sharepoint:*:*:*:*:*",
"matchCriteriaId": "28BD859A-F57B-444C-8083-AE99E59B9DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:network_attached_storage:*:*:*:*:*",
"matchCriteriaId": "6158E16F-468A-4B76-8199-500FCAC1E54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "992DB720-52A8-43D4-B74B-96C0F763ED0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "685F58DC-6BD3-499C-A9D5-BB9C909FE857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95436CD6-8E9C-4F89-9683-0650F6167027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC910CFD-9F20-473E-BC2D-64A7A3C14404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "849782E0-9F26-411F-82B9-88B5FC4F4C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD87DB3-45C2-4091-A83B-25E427563C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0910781-9EF9-4188-AA33-1C54F01A0832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7647813B-2B9F-4B0F-96D1-C533A49DDC6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "09AD23D0-4502-4090-9172-002B92D83C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:scf_7.1:*:*:*:*:*",
"matchCriteriaId": "97AF14CF-3BD6-4A03-B543-3150C656198E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:build_9.0.0.338:stm:*:*:*:*:*",
"matchCriteriaId": "8A1E2653-A061-48BD-AC62-643CDD78E859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1:*:*:*:*:*:*",
"matchCriteriaId": "D934F853-C7E0-421E-9AF3-B7B49228722F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.2_build_9.0.2.1000:mr2:*:*:*:*:*:*",
"matchCriteriaId": "D608AACF-A4BC-49CE-BE49-E8F3AEF31DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3:*:*:*:*:*:*",
"matchCriteriaId": "3238894A-3C25-4CC8-A319-8AA7246FEC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D86F7A-F2C0-471C-8EA8-E1C7230F25AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.4:mr4_build1000:*:*:*:*:*:*",
"matchCriteriaId": "11C1491F-01A1-47B1-87BB-6F7676448A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.5_build_1100_mp1:mr5:*:*:*:*:*:*",
"matchCriteriaId": "9204DC08-0809-4762-B5CB-5485E67CA31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.6:mr6:*:*:*:*:*:*",
"matchCriteriaId": "841CF36F-14A0-49A6-8442-681F25DC8DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB1C90D-DBC0-4DA0-AF5D-E42C41E84B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "2852548A-39A6-44FB-A73E-96507BA0CD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9641FC-FF7B-4413-8163-B795AA35C888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
"matchCriteriaId": "17862D7F-7001-46B8-A415-2A15A247E9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
"matchCriteriaId": "170AEE7B-31AF-44E2-9B63-9703D0DE721C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
"matchCriteriaId": "63B1A9FC-707C-4F6F-959B-30B28E43D202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
"matchCriteriaId": "87E4E013-A819-42E0-8F8E-9B2D409F900E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
"matchCriteriaId": "097B87A8-8176-4426-BDE4-6FDDD272E1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBD7767-C352-435B-8963-83F723FFD302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FC1708-B643-4489-A59C-EBDAFD9B0078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
"matchCriteriaId": "EE714705-CEE9-4BA1-8573-FD3765BC7F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*",
"matchCriteriaId": "DA6CFDFD-1EB4-458A-AD39-320E619593D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "05B85F14-4248-4550-BE7F-D9BAB9DC90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build456:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "419D2E24-CA90-471D-9F35-1795F6A65B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build463:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "965DA3C4-7559-4583-A5DC-BEABEAA7E87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build465:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "EBEB8E8E-DB27-45FB-90CA-2CF3A515AC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build736:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "8184E073-37B0-4654-8DF8-379EFC5FB0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build741:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "C29B7C1F-C4AB-4CAB-8177-B64F4B8A2B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build743:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "D1FBFE00-4692-48C2-A6C7-9179E185A275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0.1:*:domino:*:*:*:*:*",
"matchCriteriaId": "DBE74BFA-003E-40CC-83E1-1AC7159B0C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build458:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "E21CDCBA-3C86-462B-8383-58C893978EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build459:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "E6179A68-2322-4D79-9446-5A5E4B27AD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build461:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "EE92421B-C0CA-4B28-9E26-EF0A115C9330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "DC8AD646-E257-4065-B358-8B4944D327E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5.4.743:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "F50BA510-67D5-4FF1-87D0-215B68D20EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*",
"matchCriteriaId": "5CA62889-7A55-459F-BFD8-D38CD93F9219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_736:*:exchange:*:*:*:*:*",
"matchCriteriaId": "766327B9-E8DA-4422-80C2-48E333161D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_741:*:exchange:*:*:*:*:*",
"matchCriteriaId": "3C5FF883-831F-47CC-BD04-BBFD25BDE8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.6.1.107:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "C6EAA83D-2073-4360-BD3C-59AF34EADE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.6.3:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "60D239DF-65AD-4492-AEE1-FCD36E99DD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.6_build_97:*:exchange:*:*:*:*:*",
"matchCriteriaId": "7AD92ABA-2D03-46FD-85D5-33FC369015DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "9608BF57-0D9A-4874-BFDA-C92447FACD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:smtp:*:*:*:*:*",
"matchCriteriaId": "96E660E2-C0F9-499F-A01D-DB368179F28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.0.204:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "8E1C4824-3774-41EF-80E1-42A417830978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
"matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.1.0:*:domino:*:*:*:*:*",
"matchCriteriaId": "A3D2C4B6-2F13-4487-989E-AC247D4D011A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:6.0.0:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "091D4557-21F6-412F-933A-9F0FD8152E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:corporate_edition_for_linux:*:*:*:*:*",
"matchCriteriaId": "2CC0DE59-149C-42DD-9516-BDB79A9BC412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "88FE6753-A619-4703-8120-F23EEC8C48EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "497635AC-D7F2-4A5C-8C37-DA493C9681A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "E72D8D65-340C-4505-AA80-F9E7870513EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0.338:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "774AD674-895A-4242-9AC9-BAD6CB862785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "C9797D21-CD64-4B61-A4C1-AC4AD3F9B3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "618F6F78-566A-4901-8B57-BB6DCAC7E892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "EB7F329F-4390-4735-B2C2-BC6A72FBE36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "A5D058F6-779B-4ED4-ADC7-A68491F72BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:mr4_build_1000:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "29E1AF72-6D48-4DAF-904A-B55366189251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "4B5EE3B2-FF16-4231-B99D-81CB10239576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "7D26AB91-36AB-4BF6-9D0D-098F04C60AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.6.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "E5E0AB4E-4DD0-4D87-BBE5-B459A8B7301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "4433613D-EB44-4D60-861F-F9FFA2ED4F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "FF0903BD-3E78-4024-A773-16100F519B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0.359:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "BF18D806-E781-4F17-9341-D48CBC06949E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "1B390577-F1F1-4821-90FB-967E749F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "88AA69B4-865C-4959-9681-62A7591D6CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1007:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "55EDC888-F593-49E8-95A4-87D8FE9CC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1008:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B7A47F4F-DC34-4B7D-9C3A-4631FFFC1142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B70ACBE6-C754-4A6F-AC2F-89657DA179E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2001:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "8C6C2421-5651-4B3F-9DBC-DC411C989BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2002:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "5B967B9A-215D-470A-9722-5782D0AE0980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2010:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "F4BFDD98-F70E-41A9-9245-7EC5D140D4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2011:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "DFC9BF64-65E7-4E0E-A637-13794A02CEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2020:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "6B188333-A087-4FC7-864B-F802932455F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "A33A8A08-F356-4616-A603-00ADCC062D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B5889206-CE1C-489B-8984-EE4055BBC6BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "62EA1AE0-6A8B-4C13-B95D-7F9694AD5535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4:mr4_mp1_build4010:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B31249CA-296D-42C2-8939-61B990559BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4.4010:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "5C6B6D3A-715A-45B9-8231-77A6DE847973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.394:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "73A3CB7B-DD39-48E7-8D33-1E222933A7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "116F0C9D-9255-4B98-B1CF-C78A96240784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "A8957B43-0673-439F-86F6-5791372BA498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "D2ACD718-6232-463A-ACEE-B06A02D3243A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "44073E2A-A8AB-4D1A-BCFC-8439E40E97E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5E129A-4FA8-4084-92BE-5A65FABD53DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "C2E302A4-72F8-478B-9FA2-2536902986B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:professional:*:*:*:*:*",
"matchCriteriaId": "3967227C-FCB1-486E-A6C4-43B8004C4A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "894F1929-1029-4B57-A66A-EA58F7D94D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "C532E93A-5D0D-454D-8B14-F5E9C6A0499F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:professional:*:*:*:*:*",
"matchCriteriaId": "E4BBE123-56E1-46E0-93BE-38F0932D9C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "F39AE3D7-7018-47AB-B332-D40EA5273CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "82446BA3-92F9-4689-9D67-3CE159AA0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.5.6.14:*:*:*:*:*:*",
"matchCriteriaId": "98F9F2E3-1775-4EF9-9FE0-0D011307C269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:professional:*:*:*:*:*",
"matchCriteriaId": "1DE91FB9-35C3-4DC7-BE00-7C60EE9FD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C890A979-00E7-44E6-8CEA-8E4B2C966622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8C73F1-FEF1-40A3-BFAB-CE226B98E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC50007-59F4-45B0-BABF-BCF2CAB4A9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "F648A08A-24EF-45A5-B7FD-00CAD5892061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "F589D9AA-FD1B-4929-93DC-801C36087E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:premier:*:*:*:*:*",
"matchCriteriaId": "CBB1521D-B16D-4E28-8723-AF96E95D7596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "67EECA52-EECB-4AAA-85F9-ADBE028B8068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "CE8022C6-360B-4A3D-AD70-3DC79B339231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:symantec_antivirus_filtering_\\+for_domino:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE8BC0-663C-4D1D-8FF5-13F682BBEE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "60B08F85-A0E6-4984-83E9-41CD29751BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "690F3A5F-F990-41C9-9964-B033188C86F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E4FAC8-2893-48FA-B159-49C8AA380338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "5D37768F-A43C-420E-85CA-A5EF3E30F47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1.76:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE3F492-D08F-4558-BC19-F33BBB0D55A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.70:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CD5C31-4F4A-44F1-A3E1-2B4BB78E152D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.72:*:*:*:*:*:*:*",
"matchCriteriaId": "F39BAADB-6BF1-4871-ABEC-4BFA1321FE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.74:*:*:*:*:*:*:*",
"matchCriteriaId": "451A414E-1A02-45D1-8DFC-61B3E17BF12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.59:*:*:*:*:*:*:*",
"matchCriteriaId": "B05B8522-E203-49A0-8C5B-3DA7B06AF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.60:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD064CE-3C39-4243-B59E-CC8E48ED50DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9886B467-793C-4D07-9B1B-B80FA5266D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.62:*:*:*:*:*:*:*",
"matchCriteriaId": "676F5A96-B21B-49FF-86EA-F18F9C3931C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.63:*:*:*:*:*:*:*",
"matchCriteriaId": "18991132-C5B6-43AB-BDCB-196BB2957F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.67:*:*:*:*:*:*:*",
"matchCriteriaId": "42CE2596-83A9-4A80-A8C6-825EDEAAB8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.68:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA16BAF-6263-44EA-B3EB-187264913D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:5.0:*:microsoft_isa_2004:*:*:*:*:*",
"matchCriteriaId": "8E7C32F4-1225-4A4E-BD98-DFE026383482",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:gateway_security_5000_series:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76147168-37FB-444C-BD40-EFC31A0A499A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_5400:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA896DF0-76AD-4CEE-9FE0-5E6758FC9A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:mail_security_8820_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "823BD557-6352-4EC2-AE78-2C0CE6F660D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el componente Decomposer en m\u00faltiples producto Symantec que permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de archivos .CAB manipulados."
}
],
"id": "CVE-2007-0447",
"lastModified": "2024-11-21T00:25:53.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-05T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36118"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26053"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24282"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-040.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_firewall | 5.01 | |
| symantec | client_firewall | 5.1.1 | |
| symantec | client_security | 1.0 | |
| symantec | client_security | 1.1 | |
| symantec | client_security | 1.2 | |
| symantec | client_security | 1.3 | |
| symantec | client_security | 1.4 | |
| symantec | client_security | 1.5 | |
| symantec | client_security | 1.6 | |
| symantec | client_security | 1.7 | |
| symantec | client_security | 1.8 | |
| symantec | client_security | 1.9 | |
| symantec | client_security | 2.0 | |
| symantec | norton_antispam | 2004 | |
| symantec | norton_internet_security | 2002 | |
| symantec | norton_internet_security | 2002 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_personal_firewall | 2002 | |
| symantec | norton_personal_firewall | 2003 | |
| symantec | norton_personal_firewall | 2004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEFBAEB-18D4-4082-9F19-C47113841C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA9657C-14D2-418A-AABD-96392E87F4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "102D0C6A-31B8-4275-A805-4CA446D1C77F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA18147D-E618-4902-8837-5824240DD50E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75D357CC-EAD0-42E3-B38C-BE2DC44D154E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "201403B4-3B5C-4F77-ADAE-7A553D4D58F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D19926-AB65-4C06-8C44-7EA9B070FD1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F27E94F-F6D6-4C40-878F-BF952658A909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA71038-2D4E-4366-A3D1-AD85251B3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CC689F12-84C6-4B52-970F-DAF6B00B4A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28BC22-ABF0-4F1E-BA83-85B398775450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "F05FEBA2-33E8-4074-8B57-4FE6FFEF2F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
"matchCriteriaId": "A5FA0458-AB41-495E-B41F-C18B4E6876CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
"matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
"matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "898D5369-E2F3-450C-8554-1C692EAA9906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "74E5CAF7-C305-4FAF-8DA7-627D83F65185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself."
},
{
"lang": "es",
"value": "El controlador SYMDNS.SYS de Symantec Norton Internet Security y Professional 2002 a 2004, Norton Personal Firewall 2002 a 2004, Norton AntiSpam 2004, Client Firewall 5.01 y 5.1.1, Client Securiy 1.0 a 2.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumici\u00f3n de CPU en un buble infinito) mediante una respuesta DNS con un puntero de nombre comprimido que apunta a s\u00ed mismo."
}
],
"id": "CVE-2004-0445",
"lastModified": "2024-11-20T23:48:36.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-07-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11066"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010144"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010145"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010146"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/682110"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6100"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10336"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021359.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/682110"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16132"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-11 10:19
Modified
2024-11-21 00:13
Severity ?
Summary
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_antivirus | 2005 | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_system_works | 2005 | |
| symantec | norton_system_works | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to \"crash the control\" via unspecified vectors related to content on a web site, and place Internet Explorer into a \"defunct state\" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771."
},
{
"lang": "es",
"value": "El control ActiveX Symantec NAVOPTS.DLL (tambi\u00e9n se conoce como Symantec.Norton.AntiVirus.NAVOptions) versi\u00f3n 12.2.0.13, tal y como es usado en Norton AntiVirus, Internet Security y System Works 2005 y 2006, est\u00e1 dise\u00f1ado para usarse \u00fanicamente en navegadores web integrados en aplicaciones, lo que permite atacantes remotos \"crash the control\" por medio de vectores no especificados relacionados con el contenido en un sitio web, y colocar Internet Explorer en un \"defunct state\" en el que los atacantes remotos pueden ejecutar c\u00f3digo arbitrario adem\u00e1s de otros controles ActiveX de Symantec, independientemente de si est\u00e1n marcados como seguros para el scripting. NOTA: este CVE fue utilizado inadvertidamente para un problema de protecci\u00f3n autom\u00e1tica de correo electr\u00f3nico, pero a ese problema ha sido asignado CVE-2007-3771."
}
],
"id": "CVE-2006-3456",
"lastModified": "2024-11-21T00:13:39.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-05-11T10:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35075"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25172"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23822"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018031"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1751"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/1751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34200"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | antivirus_scan_engine | 4.3.7.27 | |
| symantec | mail_security | 4.0.5.66 | |
| symantec | mail_security | 4.5.4.743 | |
| symantec | norton_antivirus | 2005_11.0.0 | |
| symantec | norton_internet_security | 2005_contains_nav_11.0.0 | |
| symantec | norton_system_works | 2005_contains_nav_11.0.0 | |
| symantec | symav_filter_domino_nt | 3.1.1.87 | |
| symantec | web_security | 3.0.1.72 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "51170553-03E8-4588-97A0-8DA57C37B5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0.5.66:*:smtp:*:*:*:*:*",
"matchCriteriaId": "111FA175-C681-4524-AF08-1C65C44189CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5.4.743:*:exchange:*:*:*:*:*",
"matchCriteriaId": "AF7B2BEA-4030-4360-ABA6-8DF44DB67E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005_11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEBDC11-A174-4974-8D57-469CD9C749C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005_contains_nav_11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FE1A0A-4352-459A-892D-29AB14AA3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005_contains_nav_11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB2DC849-2C1D-43B5-B9A9-599DAA05EE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:symav_filter_domino_nt:3.1.1.87:*:*:*:*:*:*:*",
"matchCriteriaId": "54C8D211-9151-4D95-907E-19BD465C320E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1.72:*:*:*:*:*:*:*",
"matchCriteriaId": "47BC2FF9-A77F-46B8-A714-BBA08A81E5A2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file."
}
],
"id": "CVE-2005-1346",
"lastModified": "2024-11-20T23:57:08.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:50
Severity ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE4FB61-2CCC-41DD-8F06-65DE35A98E75",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA33EC1-D6B3-47D1-BCA1-399BC95187A1",
"versionEndIncluding": "6.05",
"versionStartIncluding": "6.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A310968-717F-4DE8-88EA-E1CF7B842121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:linux:*:*",
"matchCriteriaId": "ED771B06-2BD2-4B5D-9F91-B5377595E931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:macos:*:*",
"matchCriteriaId": "12B8F2F5-0929-4B95-B6C3-33581F489AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message."
},
{
"lang": "es",
"value": "El motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linuxen versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a5.1 y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de datos MIME modificados en un mensaje."
}
],
"id": "CVE-2016-3644",
"lastModified": "2024-11-21T02:50:26.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:05.760",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91431"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40034/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91431"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40034/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-05 21:17
Modified
2024-11-21 00:33
Severity ?
Summary
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2AD14C-2BD2-4658-BDB0-232A9E26EA2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "1E739083-DFC2-4A89-9F84-E067E127D420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E65DC45B-8FA9-453E-8249-45535EA64D34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C9DA3717-A218-459B-891C-F3F945D42A22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F11687CE-E997-4D26-ACAE-B9175348ADDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*",
"matchCriteriaId": "2F90AD67-02CB-4006-B567-631FD633DB17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "BC0F87D0-E4B5-41FC-8050-386B9CE04249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*",
"matchCriteriaId": "FBBFF303-3DD6-4312-94CD-37E5170A93AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:network_attached_storage:*:*:*:*:*",
"matchCriteriaId": "59962A9A-10F4-4F1B-A5AB-8743C0874963",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "346F8C27-F389-412C-B7C2-2CF3344E557C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.7.27:*:*:*:*:*:*:*",
"matchCriteriaId": "51170553-03E8-4588-97A0-8DA57C37B5E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.8.29:*:*:*:*:*:*:*",
"matchCriteriaId": "A32C5A4C-9E39-4718-8BF1-283183B4A516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "301B1340-A402-4D3E-AAF8-17CD8B59517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:caching:*:*:*:*:*",
"matchCriteriaId": "52CE5595-323D-45A2-BD05-C6B2CBD6BA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:clearswift:*:*:*:*:*",
"matchCriteriaId": "3042D5B7-AE27-4664-87DB-679422029199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:messaging:*:*:*:*:*",
"matchCriteriaId": "671CBE65-1FCF-43B8-8D21-5C8CC7C17417",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:microsoft_sharepoint:*:*:*:*:*",
"matchCriteriaId": "28BD859A-F57B-444C-8083-AE99E59B9DC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:network_attached_storage:*:*:*:*:*",
"matchCriteriaId": "6158E16F-468A-4B76-8199-500FCAC1E54D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "992DB720-52A8-43D4-B74B-96C0F763ED0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus_scan_engine:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "685F58DC-6BD3-499C-A9D5-BB9C909FE857",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95436CD6-8E9C-4F89-9683-0650F6167027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FC910CFD-9F20-473E-BC2D-64A7A3C14404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "849782E0-9F26-411F-82B9-88B5FC4F4C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD87DB3-45C2-4091-A83B-25E427563C70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E0910781-9EF9-4188-AA33-1C54F01A0832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7647813B-2B9F-4B0F-96D1-C533A49DDC6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:brightmail_antispam:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "09AD23D0-4502-4090-9172-002B92D83C09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:scf_7.1:*:*:*:*:*",
"matchCriteriaId": "97AF14CF-3BD6-4A03-B543-3150C656198E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:build_9.0.0.338:stm:*:*:*:*:*",
"matchCriteriaId": "8A1E2653-A061-48BD-AC62-643CDD78E859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1:*:*:*:*:*:*",
"matchCriteriaId": "D934F853-C7E0-421E-9AF3-B7B49228722F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.2_build_9.0.2.1000:mr2:*:*:*:*:*:*",
"matchCriteriaId": "D608AACF-A4BC-49CE-BE49-E8F3AEF31DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3:*:*:*:*:*:*",
"matchCriteriaId": "3238894A-3C25-4CC8-A319-8AA7246FEC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D86F7A-F2C0-471C-8EA8-E1C7230F25AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.4:mr4_build1000:*:*:*:*:*:*",
"matchCriteriaId": "11C1491F-01A1-47B1-87BB-6F7676448A2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.5_build_1100_mp1:mr5:*:*:*:*:*:*",
"matchCriteriaId": "9204DC08-0809-4762-B5CB-5485E67CA31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.6:mr6:*:*:*:*:*:*",
"matchCriteriaId": "841CF36F-14A0-49A6-8442-681F25DC8DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB1C90D-DBC0-4DA0-AF5D-E42C41E84B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "2852548A-39A6-44FB-A73E-96507BA0CD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9641FC-FF7B-4413-8163-B795AA35C888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
"matchCriteriaId": "17862D7F-7001-46B8-A415-2A15A247E9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
"matchCriteriaId": "170AEE7B-31AF-44E2-9B63-9703D0DE721C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
"matchCriteriaId": "63B1A9FC-707C-4F6F-959B-30B28E43D202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
"matchCriteriaId": "87E4E013-A819-42E0-8F8E-9B2D409F900E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
"matchCriteriaId": "097B87A8-8176-4426-BDE4-6FDDD272E1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBD7767-C352-435B-8963-83F723FFD302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FC1708-B643-4489-A59C-EBDAFD9B0078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
"matchCriteriaId": "EE714705-CEE9-4BA1-8573-FD3765BC7F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*",
"matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*",
"matchCriteriaId": "DA6CFDFD-1EB4-458A-AD39-320E619593D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "05B85F14-4248-4550-BE7F-D9BAB9DC90C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build456:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "419D2E24-CA90-471D-9F35-1795F6A65B60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build463:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "965DA3C4-7559-4583-A5DC-BEABEAA7E87B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build465:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "EBEB8E8E-DB27-45FB-90CA-2CF3A515AC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build736:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "8184E073-37B0-4654-8DF8-379EFC5FB0D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build741:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "C29B7C1F-C4AB-4CAB-8177-B64F4B8A2B26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0:build743:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "D1FBFE00-4692-48C2-A6C7-9179E185A275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.0.1:*:domino:*:*:*:*:*",
"matchCriteriaId": "DBE74BFA-003E-40CC-83E1-1AC7159B0C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build458:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "E21CDCBA-3C86-462B-8383-58C893978EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build459:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "E6179A68-2322-4D79-9446-5A5E4B27AD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.1:build461:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "EE92421B-C0CA-4B28-9E26-EF0A115C9330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "DC8AD646-E257-4065-B358-8B4944D327E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5.4.743:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "F50BA510-67D5-4FF1-87D0-215B68D20EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*",
"matchCriteriaId": "5CA62889-7A55-459F-BFD8-D38CD93F9219",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_736:*:exchange:*:*:*:*:*",
"matchCriteriaId": "766327B9-E8DA-4422-80C2-48E333161D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.5_build_741:*:exchange:*:*:*:*:*",
"matchCriteriaId": "3C5FF883-831F-47CC-BD04-BBFD25BDE8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.6.1.107:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "C6EAA83D-2073-4360-BD3C-59AF34EADE1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.6.3:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "60D239DF-65AD-4492-AEE1-FCD36E99DD63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:4.6_build_97:*:exchange:*:*:*:*:*",
"matchCriteriaId": "7AD92ABA-2D03-46FD-85D5-33FC369015DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "9608BF57-0D9A-4874-BFDA-C92447FACD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0:*:smtp:*:*:*:*:*",
"matchCriteriaId": "96E660E2-C0F9-499F-A01D-DB368179F28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.0.204:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "8E1C4824-3774-41EF-80E1-42A417830978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*",
"matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:5.1.0:*:domino:*:*:*:*:*",
"matchCriteriaId": "A3D2C4B6-2F13-4487-989E-AC247D4D011A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security:6.0.0:*:microsoft_exchange:*:*:*:*:*",
"matchCriteriaId": "091D4557-21F6-412F-933A-9F0FD8152E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:corporate_edition_for_linux:*:*:*:*:*",
"matchCriteriaId": "2CC0DE59-149C-42DD-9516-BDB79A9BC412",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "88FE6753-A619-4703-8120-F23EEC8C48EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "497635AC-D7F2-4A5C-8C37-DA493C9681A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "E72D8D65-340C-4505-AA80-F9E7870513EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0.338:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "774AD674-895A-4242-9AC9-BAD6CB862785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "C9797D21-CD64-4B61-A4C1-AC4AD3F9B3D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "618F6F78-566A-4901-8B57-BB6DCAC7E892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "EB7F329F-4390-4735-B2C2-BC6A72FBE36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "A5D058F6-779B-4ED4-ADC7-A68491F72BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:mr4_build_1000:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "29E1AF72-6D48-4DAF-904A-B55366189251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "4B5EE3B2-FF16-4231-B99D-81CB10239576",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "7D26AB91-36AB-4BF6-9D0D-098F04C60AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.6.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "E5E0AB4E-4DD0-4D87-BBE5-B459A8B7301F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "4433613D-EB44-4D60-861F-F9FFA2ED4F6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "FF0903BD-3E78-4024-A773-16100F519B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0.359:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "BF18D806-E781-4F17-9341-D48CBC06949E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "1B390577-F1F1-4821-90FB-967E749F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "88AA69B4-865C-4959-9681-62A7591D6CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1007:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "55EDC888-F593-49E8-95A4-87D8FE9CC09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1.1008:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B7A47F4F-DC34-4B7D-9C3A-4631FFFC1142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2000:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B70ACBE6-C754-4A6F-AC2F-89657DA179E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2001:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "8C6C2421-5651-4B3F-9DBC-DC411C989BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2002:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "5B967B9A-215D-470A-9722-5782D0AE0980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2010:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "F4BFDD98-F70E-41A9-9245-7EC5D140D4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2011:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "DFC9BF64-65E7-4E0E-A637-13794A02CEED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2020:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "6B188333-A087-4FC7-864B-F802932455F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "A33A8A08-F356-4616-A603-00ADCC062D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B5889206-CE1C-489B-8984-EE4055BBC6BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "62EA1AE0-6A8B-4C13-B95D-7F9694AD5535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4:mr4_mp1_build4010:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "B31249CA-296D-42C2-8939-61B990559BD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.4.4010:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "5C6B6D3A-715A-45B9-8231-77A6DE847973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.394:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "73A3CB7B-DD39-48E7-8D33-1E222933A7D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "116F0C9D-9255-4B98-B1CF-C78A96240784",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "A8957B43-0673-439F-86F6-5791372BA498",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate_edition:*:*:*:*:*",
"matchCriteriaId": "D2ACD718-6232-463A-ACEE-B06A02D3243A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "44073E2A-A8AB-4D1A-BCFC-8439E40E97E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "DF5E129A-4FA8-4084-92BE-5A65FABD53DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "C2E302A4-72F8-478B-9FA2-2536902986B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:professional:*:*:*:*:*",
"matchCriteriaId": "3967227C-FCB1-486E-A6C4-43B8004C4A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "894F1929-1029-4B57-A66A-EA58F7D94D1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "C532E93A-5D0D-454D-8B14-F5E9C6A0499F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:professional:*:*:*:*:*",
"matchCriteriaId": "E4BBE123-56E1-46E0-93BE-38F0932D9C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "F39AE3D7-7018-47AB-B332-D40EA5273CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "82446BA3-92F9-4689-9D67-3CE159AA0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.5.6.14:*:*:*:*:*:*",
"matchCriteriaId": "98F9F2E3-1775-4EF9-9FE0-0D011307C269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:professional:*:*:*:*:*",
"matchCriteriaId": "1DE91FB9-35C3-4DC7-BE00-7C60EE9FD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C890A979-00E7-44E6-8CEA-8E4B2C966622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8C73F1-FEF1-40A3-BFAB-CE226B98E001",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC50007-59F4-45B0-BABF-BCF2CAB4A9B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "F648A08A-24EF-45A5-B7FD-00CAD5892061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "F589D9AA-FD1B-4929-93DC-801C36087E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:premier:*:*:*:*:*",
"matchCriteriaId": "CBB1521D-B16D-4E28-8723-AF96E95D7596",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "67EECA52-EECB-4AAA-85F9-ADBE028B8068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "CE8022C6-360B-4A3D-AD70-3DC79B339231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:symantec_antivirus_filtering_\\+for_domino:3.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "37AE8BC0-663C-4D1D-8FF5-13F682BBEE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "60B08F85-A0E6-4984-83E9-41CD29751BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "690F3A5F-F990-41C9-9964-B033188C86F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E4FAC8-2893-48FA-B159-49C8AA380338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "5D37768F-A43C-420E-85CA-A5EF3E30F47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1.76:*:*:*:*:*:*:*",
"matchCriteriaId": "ABE3F492-D08F-4558-BC19-F33BBB0D55A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.70:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CD5C31-4F4A-44F1-A3E1-2B4BB78E152D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.72:*:*:*:*:*:*:*",
"matchCriteriaId": "F39BAADB-6BF1-4871-ABEC-4BFA1321FE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.74:*:*:*:*:*:*:*",
"matchCriteriaId": "451A414E-1A02-45D1-8DFC-61B3E17BF12A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.59:*:*:*:*:*:*:*",
"matchCriteriaId": "B05B8522-E203-49A0-8C5B-3DA7B06AF5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.60:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD064CE-3C39-4243-B59E-CC8E48ED50DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.61:*:*:*:*:*:*:*",
"matchCriteriaId": "9886B467-793C-4D07-9B1B-B80FA5266D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.62:*:*:*:*:*:*:*",
"matchCriteriaId": "676F5A96-B21B-49FF-86EA-F18F9C3931C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.63:*:*:*:*:*:*:*",
"matchCriteriaId": "18991132-C5B6-43AB-BDCB-196BB2957F27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.67:*:*:*:*:*:*:*",
"matchCriteriaId": "42CE2596-83A9-4A80-A8C6-825EDEAAB8B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:3.01.68:*:*:*:*:*:*:*",
"matchCriteriaId": "CBA16BAF-6263-44EA-B3EB-187264913D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:web_security:5.0:*:microsoft_isa_2004:*:*:*:*:*",
"matchCriteriaId": "8E7C32F4-1225-4A4E-BD98-DFE026383482",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:symantec:gateway_security_5000_series:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76147168-37FB-444C-BD40-EFC31A0A499A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:gateway_security_5400:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA896DF0-76AD-4CEE-9FE0-5E6758FC9A68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:symantec:mail_security_8820_appliance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "823BD557-6352-4EC2-AE78-2C0CE6F660D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header."
},
{
"lang": "es",
"value": "El componente Decomposer en m\u00faltiples productos Symantec permite a atacantes remotos provocar denegaci\u00f3n de servicio (bucles infinitos) a trav\u00e9s de ciertos valores en el campo PACK_SIZE de una cabecera de archivo RAR."
}
],
"id": "CVE-2007-3699",
"lastModified": "2024-11-21T00:33:51.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-05T21:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36119"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26053"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24282"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-07-039.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:48
Severity ?
Summary
Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB9099B-FB1D-439B-BEAC-23D199542256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4AED9F60-CCEA-43EF-93B4-2C13F5574BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "24F42E84-1AB9-45CF-ABE7-17911915606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A5393B-BC84-4590-9779-3A6752EC767F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Dec2SS.dll en el motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1 y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-2209",
"lastModified": "2024-11-21T02:48:02.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:02.497",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91436"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40037/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40037/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-19 01:07
Modified
2024-11-21 00:19
Severity ?
Summary
Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | automated_support_assistant | * | |
| symantec | norton_antivirus | * | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_system_works | 2005 | |
| symantec | norton_system_works | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos, con la complicidad del usuario, obtener informaci\u00f3n sensible mediante vectores no especificados."
}
],
"id": "CVE-2006-5404",
"lastModified": "2024-11-21T00:19:06.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-10-19T01:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22228"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016988"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016989"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016990"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016991"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20348"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/20348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29366"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:48
Severity ?
Summary
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB9099B-FB1D-439B-BEAC-23D199542256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4AED9F60-CCEA-43EF-93B4-2C13F5574BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "24F42E84-1AB9-45CF-ABE7-17911915606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A5393B-BC84-4590-9779-3A6752EC767F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en Dec2LHA.dll en el motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1 y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado."
}
],
"id": "CVE-2016-2210",
"lastModified": "2024-11-21T02:48:02.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:03.667",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91437"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40032/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40032/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:50
Severity ?
Summary
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE4FB61-2CCC-41DD-8F06-65DE35A98E75",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA33EC1-D6B3-47D1-BCA1-399BC95187A1",
"versionEndIncluding": "6.05",
"versionStartIncluding": "6.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A310968-717F-4DE8-88EA-E1CF7B842121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:linux:*:*",
"matchCriteriaId": "ED771B06-2BD2-4B5D-9F91-B5377595E931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:macos:*:*",
"matchCriteriaId": "12B8F2F5-0929-4B95-B6C3-33581F489AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data."
},
{
"lang": "es",
"value": "Desbordamiento de entero en el desempaquetado TNEF en el motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1 y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos tener un impacto no especificado a trav\u00e9s de datos TNEF manipulados."
}
],
"id": "CVE-2016-3645",
"lastModified": "2024-11-21T02:50:26.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:06.747",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91439"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40035/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40035/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-02-03 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_antivirus | 2.1 | |
| symantec | norton_antivirus | 2001 | |
| symantec | norton_antivirus | 2001 | |
| symantec | norton_antivirus | 2002 | |
| symantec | norton_antivirus | 2002 | |
| symantec | norton_antivirus | 2003 | |
| symantec | norton_antivirus | 2003 | |
| symantec | norton_antivirus | 2004 | |
| symantec | norton_antivirus | v3.0 | |
| symantec | norton_internet_security | 2001 | |
| symantec | norton_internet_security | 2001 | |
| symantec | norton_internet_security | 2002 | |
| symantec | norton_internet_security | 2002 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_system_works | 2001 | |
| symantec | norton_system_works | 2002 | |
| symantec | norton_system_works | 2003 | |
| symantec | norton_system_works | 2004 | |
| symantec | windows_liveupdate | 1.70.x | |
| symantec | windows_liveupdate | 1.90.x |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
"matchCriteriaId": "A9415109-C554-40F6-851E-CC016951BDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*",
"matchCriteriaId": "19595AF4-8C85-4646-B42B-4B5863798AB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*",
"matchCriteriaId": "532CF7E7-2F8A-4AC2-91F4-C8D35B8943EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6F3B3C-7C60-4A38-91F0-E09148DB4FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*",
"matchCriteriaId": "BFFF5F92-2CB6-4155-91AA-B80476509376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34B1D862-2CB4-4D50-9BBA-0507FEAA1924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*",
"matchCriteriaId": "C1538C84-EB7B-407C-9B05-27B9B0A10F16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*",
"matchCriteriaId": "486AF3E7-B5EC-49D2-9822-0F8E152DEDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*",
"matchCriteriaId": "7980AED6-1CB7-46C0-AD67-238B4A18060B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C8E23-852E-4715-9D8D-18F26B1263A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*",
"matchCriteriaId": "DBF82809-CE59-4B2A-89C0-FB1AF760704E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "F05FEBA2-33E8-4074-8B57-4FE6FFEF2F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
"matchCriteriaId": "A5FA0458-AB41-495E-B41F-C18B4E6876CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
"matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
"matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*",
"matchCriteriaId": "B37463FB-DA25-43F4-BB92-50354DF5A8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "4BCEEC08-41F6-423A-B845-541227B64CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C31257-E62D-495D-9F7B-09D234B7BF64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "F589D9AA-FD1B-4929-93DC-801C36087E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*",
"matchCriteriaId": "6118EFBA-C50B-4790-B301-5B996F759105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*",
"matchCriteriaId": "247F0A9D-E8E4-484A-99AA-4368B84F702B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
},
{
"lang": "es",
"value": "La funcionalidad gui para una sesi\u00f3n interactiva en ymantec LiveUpdate 1.70.x hasta la 1.90.x (usadas en Norton Internet Security 2001 hasta 2004, SystemWorks 2001 hasta 2004, y AntiVirus y Norton AntiVirus Pro 2001 hasta 2004, AntiVirus for Handhelds v3.0) permite que usuarios locales obtengan privilegios SYSTEM."
}
],
"id": "CVE-2003-0994",
"lastModified": "2024-11-20T23:46:06.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3428"
},
{
"source": "cve@mitre.org",
"url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107393473928245\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-09 21:17
Modified
2024-11-21 00:32
Severity ?
Summary
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_antivirus | 2006 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_system_works | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:anti_spyware:*:*:*:*:*",
"matchCriteriaId": "803641B7-E099-4CE8-B805-DBB338479E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple unspecified \"input validation error\" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de \"errores de validaci\u00f3n de entrada\" sin especificar en m\u00faltiples controles ActiveX en el NavComUI.dll, como el utilizado en el AntiVirus Norton, Internet Security y los productos System Works para 2006, permiten a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) la propiedad AnomalyList del AxSysListView32 y (2) la propiedad Anomaly del AxSysListView32OAA.\r\n"
}
],
"id": "CVE-2007-2955",
"lastModified": "2024-11-21T00:32:03.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-09T21:17:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/25215"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/24983"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1018545"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1018546"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1018547"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2007/2822"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-53/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018545"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018546"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018547"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2007.08.09.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35944"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-02-23 20:30
Modified
2024-11-21 01:11
Severity ?
Summary
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
"matchCriteriaId": "2852548A-39A6-44FB-A73E-96507BA0CD8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
"matchCriteriaId": "FB9641FC-FF7B-4413-8163-B795AA35C888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
"matchCriteriaId": "17862D7F-7001-46B8-A415-2A15A247E9BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
"matchCriteriaId": "170AEE7B-31AF-44E2-9B63-9703D0DE721C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*",
"matchCriteriaId": "E651C9BE-201B-4DDC-A650-F9269531290C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "56EA0BAC-ED6D-45D2-995C-18B828906E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
"matchCriteriaId": "63B1A9FC-707C-4F6F-959B-30B28E43D202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
"matchCriteriaId": "87E4E013-A819-42E0-8F8E-9B2D409F900E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
"matchCriteriaId": "097B87A8-8176-4426-BDE4-6FDDD272E1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBD7767-C352-435B-8963-83F723FFD302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
"matchCriteriaId": "E2FC1708-B643-4489-A59C-EBDAFD9B0078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
"matchCriteriaId": "EE714705-CEE9-4BA1-8573-FD3765BC7F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*",
"matchCriteriaId": "CD25A172-D70C-44E0-9551-F390AF0AD8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*",
"matchCriteriaId": "8FB89648-5727-4F8F-83B7-3E11CE69EA3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*",
"matchCriteriaId": "7E5A8C92-95C4-4ECC-AEA4-37F830B890E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*",
"matchCriteriaId": "17110872-8BD5-4CB0-9F2A-B18D091A7EC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*",
"matchCriteriaId": "9D29AD07-6545-4180-8E32-C18586684845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
"matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
"matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
"matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00819E08-CC5C-48FC-9F80-95B68AB19C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_360:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9405ECC3-F518-40F7-9541-904C6FACBC85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "FA990FD5-DF2F-470A-936D-155A36BEDE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX (SYMLTCOM.dll) en Symantec N360 v1.0 y v2.0; Norton Internet Security, AntiVirus, SystemWorks, y Confidential 2006 through 2008; y Symantec Client Security v3.0.x anteriores a v3.1 MR9, y v3.1.x anteriores a MR9; permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. NOTA: Esto solo es una vulnerabilidad si el atacante puede actuar como si fuese un sitio autorizado."
}
],
"id": "CVE-2010-0107",
"lastModified": "2024-11-21T01:11:32.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-02-23T20:30:00.467",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/62412"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38654"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/38217"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023628"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023629"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023630"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1023631"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0411"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/62412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/38654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/38217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023628"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-19 01:07
Modified
2024-11-21 00:19
Severity ?
Summary
Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | automated_support_assistant | * | |
| symantec | norton_antivirus | * | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_system_works | 2005 | |
| symantec | norton_system_works | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
},
{
"lang": "es",
"value": "Desbordamiento de buffer basado en pila en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos con la complicidad del usuario, causar la denegaci\u00f3n de servicio (ca\u00edda) y la posibilidad de ejecutar c\u00f3digo de su elecci\u00f3n mediante vectores no definidos."
}
],
"id": "CVE-2006-5403",
"lastModified": "2024-11-21T00:19:05.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-10-19T01:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22228"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016988"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016989"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016990"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016991"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/400601"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20348"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016991"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/400601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20348"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3929"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29363"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-26 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_internet_security | 2001 | |
| symantec | norton_personal_firewall | 2001_3.0.4.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C8E23-852E-4715-9D8D-18F26B1263A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2001_3.0.4.91:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA12C64-055D-4A98-A2C1-84FC2928E028",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request."
}
],
"id": "CVE-2002-0663",
"lastModified": "2024-11-20T23:39:35.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9579.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/4366"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.atstake.com/research/advisories/2002/a071502-1.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9579.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/4366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5237"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-09-19 18:07
Modified
2024-11-21 00:16
Severity ?
Summary
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.0_b8.01.9378:*:*:*:*:*:*:*",
"matchCriteriaId": "9A56518F-41E9-455D-9AC1-98FFDCE295C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C856CC4-0AAE-4539-A57B-0160AA5751F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.425a:mr1:*:*:*:*:*:*",
"matchCriteriaId": "9EE482AD-A0F8-4634-A3FE-08F112647648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.429c:mr2:*:*:*:*:*:*",
"matchCriteriaId": "B3FC66EB-2267-4B42-BD99-C4344DAE1C75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.434:mr3:*:*:*:*:*:*",
"matchCriteriaId": "BE15AE1D-8647-444F-90F0-FC658A3AC344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.437:*:*:*:*:*:*:*",
"matchCriteriaId": "0C03FA86-F2E6-4E41-8368-E917C91D7837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.446:mr4:*:*:*:*:*:*",
"matchCriteriaId": "95BF74F0-40F1-4395-AC85-E6B566950C53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.457:mr5:*:*:*:*:*:*",
"matchCriteriaId": "994CB184-AFE8-4673-ACE8-085813F1E71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.460:mr6:*:*:*:*:*:*",
"matchCriteriaId": "85CF6FFB-4189-4558-A70D-DE6D4C0C1F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.464:mr7:*:*:*:*:*:*",
"matchCriteriaId": "31D6A148-A92C-4FCA-8762-16764D62C363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.471:mr8:*:*:*:*:*:*",
"matchCriteriaId": "3E6E2EA2-88DA-4DF0-9AA3-3E3D2C80C04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0.1_build_8.01.501:mr9:*:*:*:*:*:*",
"matchCriteriaId": "AC1B69D3-8A9C-481E-8891-1ACD8479CBFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0_build_8.01.9374:*:*:*:*:*:*:*",
"matchCriteriaId": "70D72649-92F9-4820-B5A5-A14B52714809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA2590E-DFB0-4B72-99BC-B49AD97A4969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_build_393:*:*:*:*:*:*:*",
"matchCriteriaId": "766C850E-817E-41AB-B0FF-413513548BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a:*:*:*:*:*:*:*",
"matchCriteriaId": "FB47C16B-5221-4D64-BDB2-65D072A66C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr2_build_8.1.1.319:*:*:*:*:*:*:*",
"matchCriteriaId": "204F2046-F116-45D7-9256-179A3B59886A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr3_build_8.1.1.323:*:*:*:*:*:*:*",
"matchCriteriaId": "CD0C67C0-3CF1-4BAD-A673-9B783E1D0724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr4_build_8.1.1.329:*:*:*:*:*:*:*",
"matchCriteriaId": "274EA5DA-9519-46DE-B11E-87BDF1978E14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr5_build_8.1.1.336:*:*:*:*:*:*:*",
"matchCriteriaId": "044C020A-0BCC-4037-BC32-73385A0BE019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1.1_mr6_b8.1.1.266:*:*:*:*:*:*:*",
"matchCriteriaId": "9A0176BE-3D55-422B-9FDD-961A00CFAC19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1_stm_b8.1.0.825a:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3D7305-B8D0-4165-9F0F-50A49142EF2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1:*:*:*:*:*:*",
"matchCriteriaId": "D934F853-C7E0-421E-9AF3-B7B49228722F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.2_build_9.0.2.1000:mr2:*:*:*:*:*:*",
"matchCriteriaId": "D608AACF-A4BC-49CE-BE49-E8F3AEF31DC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3:*:*:*:*:*:*",
"matchCriteriaId": "3238894A-3C25-4CC8-A319-8AA7246FEC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0.5_build_1100:*:*:*:*:*:*:*",
"matchCriteriaId": "69E9F1EE-CB23-42DE-8787-7F477D16329F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0_scf_7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C2D813-C219-4FF3-9C3B-DBB855480492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0_stm_build_9.0.0.338:*:*:*:*:*:*:*",
"matchCriteriaId": "A5A00A25-A52F-4E9D-AAD0-194171C772FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:host_ids:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F05B889-88D3-41AF-A79D-3E2F689BA1AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
"matchCriteriaId": "A9415109-C554-40F6-851E-CC016951BDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "595CDCD1-4E0B-49E4-B726-82FAA99EF70A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "DBBAD310-3E2E-4E83-A605-47540668827F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0.1.425a:*:corporate:*:*:*:*:*",
"matchCriteriaId": "F4341136-7821-4638-9F36-93361327250E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0.1.425c:*:corporate:*:*:*:*:*",
"matchCriteriaId": "497BC653-98D7-41C5-94BB-2634B9C5BF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0.1.501:*:corporate:*:*:*:*:*",
"matchCriteriaId": "094EED2C-F8FA-418B-B110-E44D90B9BA33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0.1.9374:*:corporate:*:*:*:*:*",
"matchCriteriaId": "15AEADC9-00B9-43BA-AABB-ADB7627CF0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.0.1.9378:*:corporate:*:*:*:*:*",
"matchCriteriaId": "39D769B1-B1D6-4F5C-9C66-00055D4A6618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "3AA02AEB-362B-4A09-92E3-D6D8BB4B6CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.0.825a:*:corporate:*:*:*:*:*",
"matchCriteriaId": "3A82AC27-8BE6-47F7-A6EC-F4C21373AA58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "ECAA6170-5520-4AA9-8358-5F91FD10420E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.319:*:corporate:*:*:*:*:*",
"matchCriteriaId": "E626F14C-FDE9-4C6A-8CE7-B99CD4FEE485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.323:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EC4CFE5A-4D51-405D-B92E-37DE4E617ABE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.329:*:corporate:*:*:*:*:*",
"matchCriteriaId": "727A116A-D18C-4F3F-A6A8-2C6107FFB8C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.366:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EAE76215-2A7E-4D71-8757-AE10E4A9AE0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1.377:*:corporate:*:*:*:*:*",
"matchCriteriaId": "AF45DF9D-D7BE-41AD-A838-0AF9A264EBFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1_build8.1.1.314a:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4A6612F1-4CA8-427A-AED4-854F943BA3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.1.1_build393:*:corporate:*:*:*:*:*",
"matchCriteriaId": "902A4011-83C5-4A3B-B443-C51EA855E8E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.434:*:corporate:*:*:*:*:*",
"matchCriteriaId": "8BB225A0-7FB9-4AD2-8ED2-5CC1AEBAAB3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.437:*:corporate:*:*:*:*:*",
"matchCriteriaId": "9603C423-F24A-4607-B721-D02EDA94AE8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.446:*:corporate:*:*:*:*:*",
"matchCriteriaId": "574AAAA6-8181-457B-84CE-5AEB1895E3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.457:*:corporate:*:*:*:*:*",
"matchCriteriaId": "DF957AD3-B6E5-4BD7-832F-33E734817B77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.460:*:corporate:*:*:*:*:*",
"matchCriteriaId": "14D862F4-BE5F-4E6B-9955-ACFB48A5D3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.464:*:corporate:*:*:*:*:*",
"matchCriteriaId": "768B7F5E-E4AD-420E-92FA-A58E1AE3D1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:8.01.471:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C15B7FEA-E6A9-4DBE-B1A9-E17E91512A77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D9E85FD6-9E89-4497-854C-60A20639CE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0.338:*:corporate:*:*:*:*:*",
"matchCriteriaId": "91F70069-D0F2-41D8-862F-2162CE12D49F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EDF0DA40-1AC4-4610-AEAC-F431E23BAEAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "5696AC09-E8BB-4060-9A81-EA2B190B850A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C18E6605-5F86-4957-AE16-80F59F40110E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate:*:*:*:*:*",
"matchCriteriaId": "56D54011-9B09-4C63-8301-609C03E51099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5:*:corporate:*:*:*:*:*",
"matchCriteriaId": "9EF7F7F6-FC6B-4258-AE1D-3E4C19B365B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A10DA055-1F24-4AFD-A688-58D1DB4FB64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "CAC5389A-8B18-40C4-A3E0-E50B6AA724FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "88090CD5-A324-4A41-A55E-9381FBC14B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2001:*:corporate:*:*:*:*:*",
"matchCriteriaId": "78E79E4D-E93B-4C6C-92EE-1E33EE1AEB55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2002:*:corporate:*:*:*:*:*",
"matchCriteriaId": "F6E6EC72-9B83-4685-B48E-25E4211EC280",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2010:*:corporate:*:*:*:*:*",
"matchCriteriaId": "275187A5-FB3A-41C2-A6F4-F2DC9D88D0DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2011:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A7F0C0E9-9665-452E-A382-04656F2009AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2020:*:corporate:*:*:*:*:*",
"matchCriteriaId": "6A220194-CCB1-41F6-9CB0-A79C2E5E36FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "34B1D862-2CB4-4D50-9BBA-0507FEAA1924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2003:*:professional:*:*:*:*:*",
"matchCriteriaId": "7D43A376-4282-4A66-860D-50483438EC80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "C2E302A4-72F8-478B-9FA2-2536902986B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:professional:*:*:*:*:*",
"matchCriteriaId": "EF583EBF-0FDC-45FD-ADAE-C38D9DB34ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:professional:*:*:*:*:*",
"matchCriteriaId": "E4BBE123-56E1-46E0-93BE-38F0932D9C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:professional:*:*:*:*:*",
"matchCriteriaId": "1DE91FB9-35C3-4DC7-BE00-7C60EE9FD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "74E5CAF7-C305-4FAF-8DA7-627D83F65185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5F3CB3-7EB3-416C-AD2F-6357DC7248CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C890A979-00E7-44E6-8CEA-8E4B2C966622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2003_professional_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "79F3EAD1-C4DA-48E8-A582-A14F4401AD15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "F589D9AA-FD1B-4929-93DC-801C36087E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004_professional_edition:*:*:*:*:*:*:*",
"matchCriteriaId": "C37BF3DA-FD23-49A1-B97D-FD3B5896574D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005_premier:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E481D2-87F3-4912-BB87-5168C6A1BE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:pcanywhere:11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A496D973-4BC8-4377-8C84-8F2CB281AEE1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \\Device\\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data."
},
{
"lang": "es",
"value": "El driver \\Device\\SymEvent en Symantec Norton Personal Firewall 2006 9.1.0.33, y otras versiones del Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, y 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0 y 10.1, Symantec pcAnywhere 11.5 y Symantec Host, permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) v\u00eda una informaci\u00f3n inv\u00e1lida, como ha sido demostrado llamando a DeviceIoControl para enviar la informaci\u00f3n."
}
],
"id": "CVE-2006-4855",
"lastModified": "2024-11-21T00:16:54.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-19T18:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21938"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1591"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016889"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016892"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016893"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016894"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016895"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016896"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016897"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016898"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20051"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3636"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21938"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.09.20a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016893"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016895"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.matousec.com/info/advisories/Norton-Insufficient-validation-of-SymEvent-driver-input-buffer.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446111/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/20051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28960"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-05-16 20:30
Modified
2024-11-21 00:28
Severity ?
Summary
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_internet_security | 2004 | |
| symantec | norton_personal_firewall | 2004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en el control ActiveX ISAlertDataCOM, en ISLALERT.DLL para Norton Personal Firewall 2004 e Internet Security 2004 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos largos para las funciones (1) Get y (2) Set."
}
],
"id": "CVE-2007-1689",
"lastModified": "2024-11-21T00:28:55.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-05-16T20:30:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://osvdb.org/36164"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25290"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/983953"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/468779/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/23936"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1018073"
},
{
"source": "cret@cert.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.16.html"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/1843"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/983953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/468779/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.05.16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34328"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:48
Severity ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/91438 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1036198 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | http://www.securitytracker.com/id/1036199 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91438 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036198 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036199 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB9099B-FB1D-439B-BEAC-23D199542256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4AED9F60-CCEA-43EF-93B4-2C13F5574BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "24F42E84-1AB9-45CF-ABE7-17911915606A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A5393B-BC84-4590-9779-3A6752EC767F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1a:*:*:*:*:*:*",
"matchCriteriaId": "9F6B238A-F29B-4FBD-8212-4ECEA485CBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression."
},
{
"lang": "es",
"value": "El motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en versiones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1 y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo CAB manipulado que es manejado incorrectamente durante la descompresi\u00f3n."
}
],
"id": "CVE-2016-2211",
"lastModified": "2024-11-21T02:48:03.083",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:04.730",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91438"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-29 15:30
Modified
2024-11-21 01:02
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | antivirus | * | |
| symantec | antivirus | 10.0 | |
| symantec | antivirus | 10.0.1 | |
| symantec | antivirus | 10.0.1.1 | |
| symantec | antivirus | 10.0.2 | |
| symantec | antivirus | 10.0.2.1 | |
| symantec | antivirus | 10.0.2.2 | |
| symantec | antivirus | 10.0.3 | |
| symantec | antivirus | 10.0.4 | |
| symantec | antivirus | 10.0.5 | |
| symantec | antivirus | 10.0.6 | |
| symantec | antivirus | 10.0.7 | |
| symantec | antivirus | 10.0.8 | |
| symantec | antivirus | 10.0.9 | |
| symantec | endpoint_protection | 11.0 | |
| symantec | norton_360 | 1.0 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2005_contains_nav_11.0.0 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_internet_security | 2007 | |
| symantec | norton_internet_security | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F1EF45-537A-4656-BDE8-FA9383A75676",
"versionEndIncluding": "10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E02FE2FB-514A-48F9-8833-B1EF4CC1E27E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BD10A73-3DEF-48BD-9B35-D2BF791560E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03684DB6-9DC6-4EDD-902F-D1EC160330ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "64D38110-4B50-472E-9743-52A137F2ED93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1004A37-D22B-4690-8625-B631595C8B0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FE7A5EDA-F1FF-4F66-BC78-DC6429D301CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2A664090-5993-4DF2-AD6B-0F4867DB98B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "079D24C8-27D6-4794-8E56-58A7885DFE87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "732CB44D-7468-486A-85CA-FA1365DB0F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E236C99A-D524-462A-BD8E-97A07B3BFC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "37456791-164A-489B-A905-8B61C6F91BAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C39155B8-55BD-4B58-85DB-505876930A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "287B278D-A114-4795-8934-64E3C4472481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E269D396-3A70-4C4B-9D79-CBBA75C280D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00819E08-CC5C-48FC-9F80-95B68AB19C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:anti_spyware:*:*:*:*:*",
"matchCriteriaId": "803641B7-E099-4CE8-B805-DBB338479E23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:professional:*:*:*:*:*",
"matchCriteriaId": "E4BBE123-56E1-46E0-93BE-38F0932D9C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.0:*:*:*:*:*:*",
"matchCriteriaId": "F39AE3D7-7018-47AB-B332-D40EA5273CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.0.9:*:*:*:*:*:*",
"matchCriteriaId": "82446BA3-92F9-4689-9D67-3CE159AA0F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:11.5.6.14:*:*:*:*:*:*",
"matchCriteriaId": "98F9F2E3-1775-4EF9-9FE0-0D011307C269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005_contains_nav_11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FE1A0A-4352-459A-892D-29AB14AA3B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:professional:*:*:*:*:*",
"matchCriteriaId": "1DE91FB9-35C3-4DC7-BE00-7C60EE9FD880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to \"two parsing errors.\""
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ccLgView.exe en Symantec Log Viewer, utilizado en Symantec AntiVirus (SAV), anterior a v10.1 MR8, Symantec Endpoint Protection (SEP) v11.0 anteriores a v11.0 MR1, Norton 360 v1.0, y Norton Internet Security 2005 hasta 2008, permite a atacantes remotos inyectar HTML o scripts web arbitrarios a su elecci\u00f3n a trav\u00e9s de un mensaje de correo electr\u00f3nico elaborado ,relacionadas con \"dos errores de an\u00e1lisis sint\u00e1ctico.\""
}
],
"id": "CVE-2009-1428",
"lastModified": "2024-11-21T01:02:26.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-29T15:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54132"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34936"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34669"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022133"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022134"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022135"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090428_01"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1203"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54132"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090428_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50170"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-22 21:28
Modified
2024-11-21 00:22
Severity ?
Summary
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| supportsoft | scriptrunner | * | |
| supportsoft | smartissue | * | |
| symantec | automated_support_assistant | * | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_system_works | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:supportsoft:scriptrunner:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98D33388-F9B0-4901-AB69-D68BB3856336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:supportsoft:smartissue:*:*:*:*:*:*:*:*",
"matchCriteriaId": "81D23C4B-6BD4-4355-8F5E-793EBFB6C19A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:automated_support_assistant:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B0CDB6-4DB2-4F75-B408-7E8EC39446FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamiento de b\u00fafer en los controles ActiveX de SupportSoft (1) SmartIssue (tgctlsi.dll) y (2) ScriptRunner (tgctlsr.dll), tal y como se usan en Symantec Automated Support Assistant y Norton AntiVirus, Internet Security, y System Works 2006, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje HTML manipulado."
}
],
"id": "CVE-2006-6490",
"lastModified": "2024-11-21T00:22:48.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-22T21:28:00.000",
"references": [
{
"source": "cret@cert.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
},
{
"source": "cret@cert.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
},
{
"source": "cret@cert.org",
"url": "http://osvdb.org/33481"
},
{
"source": "cret@cert.org",
"url": "http://osvdb.org/33482"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/24246"
},
{
"source": "cret@cert.org",
"url": "http://secunia.com/advisories/24251"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/441785"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
},
{
"source": "cret@cert.org",
"url": "http://www.securityfocus.com/bid/22564"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1017688"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1017689"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1017690"
},
{
"source": "cret@cert.org",
"url": "http://www.securitytracker.com/id?1017691"
},
{
"source": "cret@cert.org",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/0703"
},
{
"source": "cret@cert.org",
"url": "http://www.vupen.com/english/advisories/2007/0704"
},
{
"source": "cret@cert.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33481"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24251"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/441785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461147/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017691"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.symantec.com/avcenter/security/Content/2007.02.22.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32636"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
Severity ?
Summary
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_antivirus | 2.1 | |
| symantec | norton_antivirus | 2005 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_system_works | 2004_professional | |
| symantec | norton_system_works | 2005_premier |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
"matchCriteriaId": "A9415109-C554-40F6-851E-CC016951BDF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2004_professional:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EEBC3A-58D9-4107-9561-106A9F3B0C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005_premier:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E481D2-87F3-4912-BB87-5168C6A1BE23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
}
],
"id": "CVE-2005-0923",
"lastModified": "2024-11-20T23:56:11.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/14741"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013585"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013586"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1013587"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/713620"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12924"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/14741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1013587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/713620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12924"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-04-15 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*",
"matchCriteriaId": "09CA1AC8-E273-44C1-9D1C-19542EB57433",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method."
},
{
"lang": "es",
"value": "El componente Activex WrWrapNISUM (WrapUM.dll) de Norton Internet Security 2004 est\u00e1 marcado como seguro para secuencias de comandos, lo que permite a atacantes remotos ejecutar programas arbitrarios mediante el m\u00e9todo LaunchURL."
}
],
"id": "CVE-2004-0364",
"lastModified": "2024-11-20T23:48:25.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-04-15T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107970885922442\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107980262324362\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11168"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/549054"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.nextgenss.com/advisories/nisrce.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.sarc.com/avcenter/security/Content/2004.03.19.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9915"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107970885922442\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107980262324362\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11168"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/549054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.nextgenss.com/advisories/nisrce.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sarc.com/avcenter/security/Content/2004.03.19.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15538"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-07 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_firewall | 5.01 | |
| symantec | client_firewall | 5.1.1 | |
| symantec | client_security | 1.0 | |
| symantec | client_security | 1.1 | |
| symantec | client_security | 1.2 | |
| symantec | client_security | 1.3 | |
| symantec | client_security | 1.4 | |
| symantec | client_security | 1.5 | |
| symantec | client_security | 1.6 | |
| symantec | client_security | 1.7 | |
| symantec | client_security | 1.8 | |
| symantec | client_security | 1.9 | |
| symantec | client_security | 2.0 | |
| symantec | norton_antispam | 2004 | |
| symantec | norton_internet_security | 2002 | |
| symantec | norton_internet_security | 2002 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_personal_firewall | 2002 | |
| symantec | norton_personal_firewall | 2003 | |
| symantec | norton_personal_firewall | 2004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEFBAEB-18D4-4082-9F19-C47113841C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA9657C-14D2-418A-AABD-96392E87F4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "102D0C6A-31B8-4275-A805-4CA446D1C77F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA18147D-E618-4902-8837-5824240DD50E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "75D357CC-EAD0-42E3-B38C-BE2DC44D154E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "201403B4-3B5C-4F77-ADAE-7A553D4D58F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D19926-AB65-4C06-8C44-7EA9B070FD1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F27E94F-F6D6-4C40-878F-BF952658A909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3AA71038-2D4E-4366-A3D1-AD85251B3E5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CC689F12-84C6-4B52-970F-DAF6B00B4A42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "EA28BC22-ABF0-4F1E-BA83-85B398775450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "F05FEBA2-33E8-4074-8B57-4FE6FFEF2F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
"matchCriteriaId": "A5FA0458-AB41-495E-B41F-C18B4E6876CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
"matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
"matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2002:*:*:*:*:*:*:*",
"matchCriteriaId": "898D5369-E2F3-450C-8554-1C692EAA9906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "74E5CAF7-C305-4FAF-8DA7-627D83F65185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte in the first-level decoding routine for NetBIOS Name Service (NBNS) that modifies an index variable and leads to a stack-based buffer overflow, (2) a heap-based corruption problem in an NBNS response that is missing certain RR fields, and (3) a stack-based buffer overflow in the DNS component via a Resource Record (RR) with a long canonical name (CNAME) field composed of many smaller components."
},
{
"lang": "es",
"value": "M\u00faltiples vulenrabilidades en SYMDNS.SYS de Symantec Noton Internet Security y Professional 2002 a 2004, Norton Persnoal Firewall 2002 a 2004, Norton AntiSpam 2004, Client Firewal 5.01 y 5.1.1, y Client Security 1.0 a 2.0 permite a atacantes remotos causar una denegaci\u00f3n de servicio o ejecutar c\u00f3digo de su elecci\u00f3n mediante \r\n(1) un byte de longitud manipulado en la rutina de decodificaci\u00f3n de primer nivel del Servicio de Nombres de NetBIOS (NBNS) que modifica una variable de \u00edndice que conduce a un desbordamiento de b\u00fafer en la pila,\r\n(2) un problema de corrupci\u00f3n del mont\u00f3n en una respuesta NBNS a la que le faltan ciertos campor RR, y \r\n(3) un desbordamiento de b\u00fafer basado en la pila en el componente DNS mediante un Registro de Recurso (RR) con un nombre can\u00f3nico (CNAME) largo compuest de muchos componentes m\u00e1s peque\u00f1os."
}
],
"id": "CVE-2004-0444",
"lastModified": "2024-11-20T23:48:35.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-07T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11066"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010144"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010145"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1010146"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/294998"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/634414"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/637318"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6099"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6101"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6102"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10333"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10334"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/10335"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16134"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16135"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021360.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021361.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021362.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.05.12.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010144"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1010146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/o-141.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/294998"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/634414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/637318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6102"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/10335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16137"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_firewall | 5.01 | |
| symantec | client_firewall | 5.1.1 | |
| symantec | client_security | 1.0 | |
| symantec | client_security | 1.1 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2003 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_internet_security | 2004 | |
| symantec | norton_personal_firewall | 2003 | |
| symantec | norton_personal_firewall | 2004 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_firewall:5.01:*:*:*:*:*:*:*",
"matchCriteriaId": "4AEFBAEB-18D4-4082-9F19-C47113841C89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_firewall:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA9657C-14D2-418A-AABD-96392E87F4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1DFD4CB-40A1-4D70-97AC-0941826F28CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7483F6DD-EDC0-497E-A5A9-B186E02CCCEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF97C5F-3A80-4973-85FD-5BCE43B32AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
"matchCriteriaId": "1F0BF645-7C56-4ED6-91C0-AE4CFAB62EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "2ACBDE0C-91D2-4357-9724-B60BBFF5D2B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
"matchCriteriaId": "D7875372-44D7-47AB-8F8C-4A3AB98FB3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2003:*:*:*:*:*:*:*",
"matchCriteriaId": "74E5CAF7-C305-4FAF-8DA7-627D83F65185",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "36C0FF0C-EB6E-479B-BFF9-E55CBC0D6500",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero."
},
{
"lang": "es",
"value": "SIMNDIS.SYS en Symantec Norton Internet Securiy 2003 y 2004, Norton Personal Firewall 2003 y 2004, Client Firewall 5.01 y 5.1.1, y Client Security 1.0 y 1.1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (bucle infinito) mediante un paquete TCP con (1) opci\u00f3n SACK o (2) opci\u00f3n Suma de Comprobaci\u00f3n de Datos Alternativa seguida por una longitud cero."
}
],
"id": "CVE-2004-0375",
"lastModified": "2024-11-20T23:48:26.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-18T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009379"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009380"
},
{
"source": "cve@mitre.org",
"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9912"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108275582432246\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009380"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.eeye.com/html/Research/Upcoming/20040309.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/avcenter/security/Content/2004.04.20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15936"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-08 17:05
Modified
2024-11-21 00:41
Severity ?
Summary
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | windows | * | |
| symantec | norton_360 | 1.0 | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_antivirus | 2007 | |
| symantec | norton_antivirus | 2008 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_internet_security | 2007 | |
| symantec | norton_internet_security | 2008 | |
| symantec | norton_system_works | 2006 | |
| symantec | norton_system_works | 2007 | |
| symantec | norton_system_works | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00819E08-CC5C-48FC-9F80-95B68AB19C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "FA990FD5-DF2F-470A-936D-155A36BEDE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "92039406-19AB-43C6-97AE-3D7C13FD8AD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "22CAEA36-93A4-48F5-B093-6DD843BB9FE9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en el AutoFix Support Tool ActiveX control 2.7.0.1 en SYMADATA.DLL de m\u00faltiples productos de Symantec Norton, incluyendo Norton 360 1.0, AntiVirus 2006 hasta 2008, Internet Security 2006 hasta 2008, y System Works 2006 hasta 2008; permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento largo al m\u00e9todo GetEventLogInfo. NOTA: Algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-0312",
"lastModified": "2024-11-21T00:41:38.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-04-08T17:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29660"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28507"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1019751"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1019752"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1019753"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/28507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1019751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1019752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securitytracker.com/id?1019753"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1077/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-10-27 05:00
Modified
2024-11-20 23:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_internet_security | 2003_6.0.4.34 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2003_6.0.4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "32525945-436C-4BD9-BF63-953ABEA8DEF0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page."
}
],
"id": "CVE-2003-1149",
"lastModified": "2024-11-20T23:46:28.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-10-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10067"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/2714"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/342548"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8904"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/10067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.osvdb.org/2714"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/342548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-15 21:30
Modified
2024-11-21 00:33
Severity ?
Summary
Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | client_security | 2.0 | |
| symantec | client_security | 3.0 | |
| symantec | client_security | 3.1 | |
| symantec | norton_antispam | 2005 | |
| symantec | norton_antivirus | 9.0 | |
| symantec | norton_antivirus | 9.0.0.338 | |
| symantec | norton_antivirus | 9.0.1 | |
| symantec | norton_antivirus | 9.0.1.1.1000 | |
| symantec | norton_antivirus | 9.0.1.1000 | |
| symantec | norton_antivirus | 9.0.2 | |
| symantec | norton_antivirus | 9.0.2.1000 | |
| symantec | norton_antivirus | 9.0.3.1000 | |
| symantec | norton_antivirus | 9.0.4 | |
| symantec | norton_antivirus | 9.0.5 | |
| symantec | norton_antivirus | 9.0.5.1100 | |
| symantec | norton_antivirus | 10.0 | |
| symantec | norton_antivirus | 10.1 | |
| symantec | norton_antivirus | 2005 | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_personal_firewall | 2005 | |
| symantec | norton_personal_firewall | 2006 | |
| symantec | norton_system_works | 2005 | |
| symantec | norton_system_works | 2006 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antispam:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "44553774-85FF-4F2E-81CA-696A454EAA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "D9E85FD6-9E89-4497-854C-60A20639CE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0.338:*:corporate:*:*:*:*:*",
"matchCriteriaId": "91F70069-D0F2-41D8-862F-2162CE12D49F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "2860637E-6FA5-445A-86B5-E9F2D2D7DD37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EDF0DA40-1AC4-4610-AEAC-F431E23BAEAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "018D1F3B-BAFC-461E-B833-9E0F98A6533D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*",
"matchCriteriaId": "4B9AED5E-2D66-4EB2-95CC-158D909AAE6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "5696AC09-E8BB-4060-9A81-EA2B190B850A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000:*:corporate:*:*:*:*:*",
"matchCriteriaId": "C18E6605-5F86-4957-AE16-80F59F40110E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate:*:*:*:*:*",
"matchCriteriaId": "56D54011-9B09-4C63-8301-609C03E51099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5:*:corporate:*:*:*:*:*",
"matchCriteriaId": "9EF7F7F6-FC6B-4258-AE1D-3E4C19B365B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100:*:corporate:*:*:*:*:*",
"matchCriteriaId": "A10DA055-1F24-4AFD-A688-58D1DB4FB64A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "CAC5389A-8B18-40C4-A3E0-E50B6AA724FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5F3CB3-7EB3-416C-AD2F-6357DC7248CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C890A979-00E7-44E6-8CEA-8E4B2C966622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "29F670F0-FD5D-447C-94B8-691482D907F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "05EB078C-2538-4961-ABFF-6C4601C3977F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\\\symTDI\\, which results in memory overwrite."
},
{
"lang": "es",
"value": "Symantec symtdi.sys versiones anteriores a 7.0.0, tal y como se distribuye en Symantec AntiVirus Corporate Edition 9 hata 10.1 y Client Security 2.0 hasta 3.1, Norton AntiSpam 2005, y Norton AntiVirus, Internet Security, Personal Firewall, y System Works 2005 y 2006; permite a usuarios locales obtener privilegios mediante un Interrupt Request Packet (Irp) manipulado en una petici\u00f3n IOCTL 0x83022323 a \\\\symTDI\\, que resulta en una sobre-escritura de memoria."
}
],
"id": "CVE-2007-3673",
"lastModified": "2024-11-21T00:33:47.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-07-15T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36117"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26042"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018372"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22351"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2507"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/22351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35347"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-08 22:30
Modified
2024-11-21 01:06
Severity ?
Summary
Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | antivirus | 9.0 | |
| symantec | antivirus | 9.0 | |
| symantec | antivirus | 10.0 | |
| symantec | antivirus | 10.0 | |
| symantec | antivirus | 10.0 | |
| symantec | antivirus | 10.1 | |
| symantec | antivirus | 10.1 | |
| symantec | antivirus | 10.1 | |
| symantec | antivirus | 10.1 | |
| symantec | antivirus | 10.1 | |
| symantec | antivirus | 10.1 | |
| symantec | antivirus | 10.2 | |
| symantec | antivirus | 10.2 | |
| symantec | client_security | 2.0 | |
| symantec | client_security | 2.0 | |
| symantec | client_security | 3.0 | |
| symantec | client_security | 3.0 | |
| symantec | client_security | 3.0 | |
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1 | |
| symantec | norton_antivirus | 2005 | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_antivirus | 2007 | |
| symantec | norton_antivirus | 2008 | |
| symantec | norton_internet_security | 2005 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_internet_security | 2007 | |
| symantec | norton_internet_security | 2008 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:antivirus:9.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "655D99D5-1805-4A6F-A5C1-FB4A8B3A6520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:9.0:mr6:corporate:*:*:*:*:*",
"matchCriteriaId": "BF932C81-A605-4A38-8642-A903692860BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0:*:corporate:*:*:*:*:*",
"matchCriteriaId": "EEB639EF-B434-42ED-A162-A2593FA78E3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0:mr1:corporate:*:*:*:*:*",
"matchCriteriaId": "0048A5E9-B07B-44BE-B79C-A37DBE96592A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.0:mr2:corporate:*:*:*:*:*",
"matchCriteriaId": "436B467D-0C3C-44FF-A900-431197CA9033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*",
"matchCriteriaId": "09C311A9-7F82-46C1-8A69-49C2890B1CFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.1:mp1:corporate:*:*:*:*:*",
"matchCriteriaId": "9ADCB5F2-CCE8-4123-8E7E-EAF4885FD482",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.1:mr4:corporate:*:*:*:*:*",
"matchCriteriaId": "6110CF45-3C3D-4560-A8F3-A5C47CD5265F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.1:mr5:corporate:*:*:*:*:*",
"matchCriteriaId": "D1F6FC33-2929-45A3-9AD1-057456EC366E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.1:mr6:corporate:*:*:*:*:*",
"matchCriteriaId": "084FCB30-F79A-45D0-B310-F3DB20EE3D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.1:mr7:corporate:*:*:*:*:*",
"matchCriteriaId": "B24D11E4-5927-4C3D-BBEB-21DC2990122F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.2:*:corporate:*:*:*:*:*",
"matchCriteriaId": "94E10F15-5F41-4B6B-9C42-7ED34E8420C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:antivirus:10.2:mr2:corporate:*:*:*:*:*",
"matchCriteriaId": "8F35EA2A-B446-446F-8FDE-1C09D9A73687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:2.0:mr6:*:*:*:*:*:*",
"matchCriteriaId": "437DD896-93F5-49E1-AEE6-F7910F087FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:mr1:*:*:*:*:*:*",
"matchCriteriaId": "6D4A3BB0-C293-47D5-AC66-4AFAEC45EFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.0:mr2:*:*:*:*:*:*",
"matchCriteriaId": "120CD307-806A-45A8-9DCF-D23FEE072432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*",
"matchCriteriaId": "CD25A172-D70C-44E0-9551-F390AF0AD8A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*",
"matchCriteriaId": "8FB89648-5727-4F8F-83B7-3E11CE69EA3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*",
"matchCriteriaId": "7E5A8C92-95C4-4ECC-AEA4-37F830B890E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:client_security:3.1:mr7:*:*:*:*:*:*",
"matchCriteriaId": "589E62A1-067B-4220-9959-03367E5E014F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "11477B6E-C4C5-4664-91A7-D253077981F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "FA990FD5-DF2F-470A-936D-155A36BEDE3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*",
"matchCriteriaId": "06C7CD61-A47B-4521-8C6F-4BB1F4C95614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
"matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Symantec Norton AntiVirus 2005 hasta 2008; Norton Internet Security 2005 hasta 2008; AntiVirus Corporate Edition v9.0 anteriores a MR7, v10.0, v10.1 anteriores a MR8, y v10.2 anteriores a MR3; y Client Security v2.0 anteriores a MR7, v3.0, y v3.1 anteriores a MR8; cuando Internet Email Scanning est\u00e1 instalado y habilitado, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (consumo CPU y p\u00e9rdida de conexi\u00f3n persistente) a trav\u00e9s de vectores de ataque desconocidos."
}
],
"id": "CVE-2009-3104",
"lastModified": "2024-11-21T01:06:33.503",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-08T22:30:00.530",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/57429"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36493"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34670"
},
{
"source": "cve@mitre.org",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_01"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2449"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/57429"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2009\u0026suid=20090826_01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/2449"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52820"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | internet_information_server | 4.0 | |
| microsoft | internet_information_services | 5.0 | |
| symantec | norton_internet_security | 2001 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D47E9C4-5439-4A82-BBD8-D6B482B47E51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2C8E23-852E-4715-9D8D-18F26B1263A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running."
}
],
"id": "CVE-2002-1695",
"lastModified": "2024-11-20T23:41:54.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/archive/1/250591"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3888"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/archive/1/250591"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3888"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7919"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-30 23:59
Modified
2024-11-21 02:50
Severity ?
Summary
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0C78C906-E9C6-4068-9A6F-3998E7741059",
"versionEndIncluding": "13.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "56A57E41-7739-490E-ADD2-05B006148223",
"versionEndIncluding": "7.0.5",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8F7EBB-8ACA-471F-9557-2A3C8E14A05F",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_engine:7.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "580CEE93-D3FA-4D94-909B-DCBD18889E7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:advanced_threat_protection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6239DAA-EEB3-4483-9DAD-BC0D571BF29A",
"versionEndIncluding": "2.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_bootable_removal_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "64EFED02-BE21-40C2-B9DF-E2DEFE675A9F",
"versionEndIncluding": "2016.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A33DC725-184F-47DA-BE64-D90540B3B7AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.0:mp1:*:*:*:*:*:*",
"matchCriteriaId": "36039D60-BB6E-4701-B90E-D2954600386D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CFC20B-2B5D-4E00-B62A-A95B593544DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.5:mp1:*:*:*:*:*:*",
"matchCriteriaId": "39B85357-FE30-4BC2-8A2C-CE9C4383C777",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF15255A-1818-4554-86F6-C553087DBCBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:data_center_security_server:6.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "24823086-8771-4495-8DCB-47F1AF27988E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE4FB61-2CCC-41DD-8F06-65DE35A98E75",
"versionEndIncluding": "6.0.6",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:protection_for_sharepoint_servers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BA33EC1-D6B3-47D1-BCA1-399BC95187A1",
"versionEndIncluding": "6.05",
"versionStartIncluding": "6.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "361DA2D7-C3CC-41A2-A39D-4DA2AFE31A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:message_gateway_for_service_providers:10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "00B021EA-7B32-461A-9937-58AA646B62EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:csapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B105323B-438B-4506-9575-5D55AB837D53",
"versionEndIncluding": "10.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9A310968-717F-4DE8-88EA-E1CF7B842121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp1:*:*:*:*:*:*",
"matchCriteriaId": "40DAC718-5E21-4616-AA68-F46E9D0DC5E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp2:*:*:*:*:*:*",
"matchCriteriaId": "E94A3EEE-61B5-47CD-B880-9E09F56BDAD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp3:*:*:*:*:*:*",
"matchCriteriaId": "1FF40801-FB4E-4708-85BD-CF22AB67AEE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:*:*:*",
"matchCriteriaId": "9844DFD0-3834-4E3C-BE61-D7C1A6D5C76D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:linux:*:*",
"matchCriteriaId": "ED771B06-2BD2-4B5D-9F91-B5377595E931",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:endpoint_protection:12.1.6:mp4:*:*:*:macos:*:*",
"matchCriteriaId": "12B8F2F5-0929-4B95-B6C3-33581F489AF4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_power_eraser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "679C5062-D79D-4FE2-8764-9D6FFB1A87D6",
"versionEndIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC90DD4-8E70-4C5E-999C-C5E1F7483181",
"versionEndIncluding": "8.0.9",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_domino:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC2C12-8952-4D10-A8DF-6F1092DEADD6",
"versionEndIncluding": "8.1.3",
"versionStartIncluding": "8.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18E0EBEA-966E-4A26-82F8-2451BBE2996D",
"versionEndIncluding": "7.0.4",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E786080F-C93C-4AAF-9752-6174E0F12D0A",
"versionEndIncluding": "7.5.4",
"versionStartIncluding": "7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:mail_security_for_microsoft_exchange:6.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9042F0E1-F41D-4A9F-A3E8-07B2626B433F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:message_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D9E9B7-0F13-4D0F-95CB-3ECEABBD6E44",
"versionEndIncluding": "10.6.1-3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_360:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40F434A2-9094-46E3-8A2C-E166FE2D296A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58C09D-72A0-48E1-ABF0-49EBECA5D02B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24796276-EB93-4499-AF41-E7608CB211B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D3937479-A204-4308-901A-CF423667CB24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_security_with_backup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "740DB7AB-6027-4232-85AD-F30B37826B35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:ngc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7A6B2-C4B9-4CA3-93E7-77737C29744E",
"versionEndIncluding": "22.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression."
},
{
"lang": "es",
"value": "El motor AntiVirus Decomposer en Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x hasta la versi\u00f3n 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) en versiones anteriores a 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) para Mac; Symantec Endpoint Protection (SEP) para Linux en versiones anteriores a 12.1 RU6 MP5; Symantec Protection Engine (SPE) en veriones anteriores a 7.0.5 HF01, 7.5.x en versiones anteriores a 7.5.3 HF03, 7.5.4 en versiones anteriores a HF01 y 7.8.0 en versiones anteriores a HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 hasta la versi\u00f3n 6.0.5 en versiones anteriores a 6.0.5 HF 1.5 y 6.0.6 en versiones anteriores a HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) en versiones anteriores a 7.0_3966002 HF1.1 y 7.5.x en versiones anteriores a 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) en versiones anteriores a 8.0.9 HF1.1 y 8.1.x en versiones anteriores a 8.1.3 HF1.2; CSAPI en versiones anteriores a 10.0.4 HF01; Symantec Message Gateway (SMG) en versiones anteriores a 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 en versiones anteriores a patch 254 y 10.6 en versiones anteriores a patch 253; Norton AntiVirus, Norton Security, Norton Internet Security y Norton 360 en versiones anteriores a NGC 22.7; Norton Security para Mac en versiones anteriores a 13.0.2; Norton Power Eraser (NPE) en versiones anteriores a 5.1; y Norton Bootable Removal Tool (NBRT) en versiones anteriores a 2016.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (violaci\u00f3n de acceso a memoria) a trav\u00e9s de un archivo ZIP que es manejado incorrectamente durante la descompresi\u00f3n."
}
],
"id": "CVE-2016-3646",
"lastModified": "2024-11-21T02:50:27.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-30T23:59:07.763",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91435"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40036/"
},
{
"source": "secure@symantec.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/91435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1036199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/40036/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=\u0026suid=20160628_00"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-05 19:46
Modified
2024-11-21 00:38
Severity ?
Summary
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_antivirus | 9.0 | |
| symantec | norton_antivirus | 9.0.1 | |
| symantec | norton_antivirus | 9.0.2 | |
| symantec | norton_antivirus | 9.0.3 | |
| symantec | norton_antivirus | 10.0 | |
| symantec | norton_antivirus | 10.1 | |
| symantec | norton_internet_security | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "497635AC-D7F2-4A5C-8C37-DA493C9681A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "2A061F24-0256-47F4-A1DD-702A0031EAAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the \"Show Progress During Mount Scans\" option is enabled."
},
{
"lang": "es",
"value": "El esc\u00e1ner Disk Mount en Symantec AntiVirus para Macintosh versiones 9.x y 10.x, Norton AntiVirus para Macintosh versiones 10.0 y 10.1 y Norton Internet Security para Macintosh versiones 3.x , usa un directorio con permisos d\u00e9biles (grupo grabable), que permite a usuarios administradores locales alcanzar privilegios de root mediante la sustituci\u00f3n de archivos no especificados, que se ejecutan cuando un usuario con acceso f\u00edsico inserta un disco y la opci\u00f3n \"Show Progress During Mount Scans\" est\u00e1 habilitada."
}
],
"id": "CVE-2007-5829",
"lastModified": "2024-11-21T00:38:47.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.5,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-05T19:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/40864"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27488"
},
{
"source": "cve@mitre.org",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018889"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1018890"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26253"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3698"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1018890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/3698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38229"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}