Search criteria
9 vulnerabilities found for norton_utilities by symantec
FKIE_CVE-2018-5235
Vulnerability from fkie_nvd - Published: 2018-08-22 17:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
References
| URL | Tags | ||
|---|---|---|---|
| secure@symantec.com | http://www.securityfocus.com/bid/105099 | Third Party Advisory, VDB Entry | |
| secure@symantec.com | https://support.symantec.com/en_US/article.SYMSA1459.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105099 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.symantec.com/en_US/article.SYMSA1459.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_utilities | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_utilities:*:*:*:*:*:*:*:*",
"matchCriteriaId": "652770C2-440C-4F53-9607-3D7845092488",
"versionEndExcluding": "16.0.3.44",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
},
{
"lang": "es",
"value": "Norton Utilities (en versiones anteriores a la 16.0.3.44) puede ser susceptible a una vulnerabilidad de precarga de DLL, que es un tipo de problema que puede ocurrir cuando una aplicaci\u00f3n busca llamar a un DLL para su ejecuci\u00f3n y un atacante proporciona un DLL malicioso para usarlo en su lugar. Dependiendo de c\u00f3mo est\u00e9 configurada la aplicaci\u00f3n, \u00e9sta por lo general seguir\u00e1 una ruta de b\u00fasqueda espec\u00edfica para localizar el DLL. La vulnerabilidad puede ser explotada mediante una escritura simple de archivo (o, potencialmente, una sobrescritura), lo que resulta en un DLL externo que se ejecuta bajo el contexto de la aplicaci\u00f3n."
}
],
"id": "CVE-2018-5235",
"lastModified": "2024-11-21T04:08:23.797",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-22T17:29:00.710",
"references": [
{
"source": "secure@symantec.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"source": "secure@symantec.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"sourceIdentifier": "secure@symantec.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-1836
Vulnerability from fkie_nvd - Published: 2006-04-19 16:06 - Updated: 2025-04-03 01:03
Severity ?
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | liveupdate | 3.0 | |
| symantec | liveupdate | 3.0.1 | |
| symantec | liveupdate | 3.0.2 | |
| symantec | liveupdate | 3.0.3 | |
| symantec | liveupdate | 3.5 | |
| symantec | norton_antivirus | 9.0.0 | |
| symantec | norton_antivirus | 9.0.1 | |
| symantec | norton_antivirus | 9.0.2 | |
| symantec | norton_antivirus | 9.0.3 | |
| symantec | norton_antivirus | 10.0 | |
| symantec | norton_antivirus | 10.0.0 | |
| symantec | norton_antivirus | 10.0.1 | |
| symantec | norton_antivirus | 10.9.1 | |
| symantec | norton_internet_security | 3.0 | |
| symantec | norton_personal_firewall | 3.0 | |
| symantec | norton_personal_firewall | 3.1 | |
| symantec | norton_system_works | 3.0 | |
| symantec | norton_utilities | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "05EE17B2-8E91-4413-A35A-183C3000B6A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "FB2DE1ED-01B8-42A1-BA70-BA15328B2E6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B3F2C272-73E6-4D07-A72D-145A6BF1818C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "50D20D8E-A7D7-4DD6-9918-2E609A7D7620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:liveupdate:3.5:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "749C0B32-9669-4CD6-8615-BCD76C768532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "E72D8D65-340C-4505-AA80-F9E7870513EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "242D33E8-1B6B-4562-9F2A-1B34E3B7BC71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "252ACD1B-323F-4139-880D-89D600F29986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "B2D0922A-3EA3-4BC9-9311-9DCA57338CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "7225A578-8F62-42BD-99AC-D3385478613A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "FF0903BD-3E78-4024-A773-16100F519B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "1B390577-F1F1-4821-90FB-967E749F7CCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "44073E2A-A8AB-4D1A-BCFC-8439E40E97E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "D2259605-B720-42B0-8476-6CAE07C7B143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "9CC3459D-1F86-48A4-9DC2-0E542AEAC97D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_personal_firewall:3.1:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "608F8ECE-F8A9-4659-9ED7-79ADD61E5099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "F648A08A-24EF-45A5-B7FD-00CAD5892061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:symantec:norton_utilities:8.0:*:macintosh:*:*:*:*:*",
"matchCriteriaId": "DCB3EF92-1CEA-4E57-94E7-0C596998F4CF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"id": "CVE-2006-1836",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-19T16:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19682"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/100"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015953"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19682"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015953"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-1999-1380
Vulnerability from fkie_nvd - Published: 1997-05-04 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| symantec | norton_utilities | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:symantec:norton_utilities:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D0B5B84-4720-4EA2-AAF9-29D5D507514B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
],
"id": "CVE-1999-1380",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "1997-05-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"source": "cve@mitre.org",
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-5235 (GCVE-0-2018-5235)
Vulnerability from cvelistv5 – Published: 2018-08-22 17:00 – Updated: 2024-09-16 20:31
VLAI?
Summary
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Severity ?
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Norton Utilities |
Affected:
Prior to 16.0.3.44
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Utilities",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 16.0.3.44"
}
]
}
],
"datePublic": "2018-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-08-15T00:00:00",
"ID": "CVE-2018-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Utilities",
"version": {
"version_data": [
{
"version_value": "Prior to 16.0.3.44"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105099"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5235",
"datePublished": "2018-08-22T17:00:00Z",
"dateReserved": "2018-01-05T00:00:00",
"dateUpdated": "2024-09-16T20:31:27.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1836 (GCVE-0-2006-1836)
Vulnerability from cvelistv5 – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015953"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1836",
"datePublished": "2006-04-19T16:00:00",
"dateReserved": "2006-04-19T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1380 (GCVE-0-1999-1380)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI?
Summary
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
"refsource": "MISC",
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
"refsource": "MISC",
"url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
},
{
"name": "http://www.net-security.sk/bugs/NT/nu20.html",
"refsource": "MISC",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1380",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5235 (GCVE-0-2018-5235)
Vulnerability from nvd – Published: 2018-08-22 17:00 – Updated: 2024-09-16 20:31
VLAI?
Summary
Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application.
Severity ?
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Symantec Corporation | Norton Utilities |
Affected:
Prior to 16.0.3.44
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:42.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Norton Utilities",
"vendor": "Symantec Corporation",
"versions": [
{
"status": "affected",
"version": "Prior to 16.0.3.44"
}
]
}
],
"datePublic": "2018-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-23T09:57:01",
"orgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"shortName": "symantec"
},
"references": [
{
"name": "105099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105099"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2018-08-15T00:00:00",
"ID": "CVE-2018-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Norton Utilities",
"version": {
"version_data": [
{
"version_value": "Prior to 16.0.3.44"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Norton Utilities (prior to 16.0.3.44) may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, it will generally follow a specific search path to locate the DLL. The vulnerability can be exploited by a simple file write (or potentially an over-write) which results in a foreign DLL running under the context of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105099"
},
{
"name": "https://support.symantec.com/en_US/article.SYMSA1459.html",
"refsource": "CONFIRM",
"url": "https://support.symantec.com/en_US/article.SYMSA1459.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "80d3bcb6-88de-48c2-a47e-aebf795f19b5",
"assignerShortName": "symantec",
"cveId": "CVE-2018-5235",
"datePublished": "2018-08-22T17:00:00Z",
"dateReserved": "2018-01-05T00:00:00",
"dateUpdated": "2024-09-16T20:31:27.130Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1836 (GCVE-0-2006-1836)
Vulnerability from nvd – Published: 2006-04-19 16:00 – Updated: 2024-08-07 17:27
VLAI?
Summary
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:27:29.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015953"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1836",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/100"
},
{
"name": "17571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17571"
},
{
"name": "ADV-2006-1386",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1386"
},
{
"name": "20060418 [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431318/100/0/threaded"
},
{
"name": "1015953",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015953"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2006.04.17b.html"
},
{
"name": "19682",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19682"
},
{
"name": "liveupdate-exepath-env-privilege-escalation(25839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1836",
"datePublished": "2006-04-19T16:00:00",
"dateReserved": "2006-04-19T00:00:00",
"dateUpdated": "2024-08-07T17:27:29.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1380 (GCVE-0-1999-1380)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-01 17:11
VLAI?
Summary
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:11:02.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1997-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.zdnet.co.uk/story/0%2C%2Cs2065518%2C00.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mlarchive.ima.com/win95/1997/May/0342.html",
"refsource": "MISC",
"url": "http://mlarchive.ima.com/win95/1997/May/0342.html"
},
{
"name": "nu-tuneocx-activex-control(7188)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7188.php"
},
{
"name": "http://news.zdnet.co.uk/story/0,,s2065518,00.html",
"refsource": "MISC",
"url": "http://news.zdnet.co.uk/story/0,,s2065518,00.html"
},
{
"name": "http://www.net-security.sk/bugs/NT/nu20.html",
"refsource": "MISC",
"url": "http://www.net-security.sk/bugs/NT/nu20.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1380",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-08-31T00:00:00",
"dateUpdated": "2024-08-01T17:11:02.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}