cvelistv5 - cve-2008-0309

CVE-2008-0309 (GCVE-0-2008-0309)

Vulnerability from cvelistv5 – Published: 2008-02-28 20:00 – Updated: 2024-08-07 07:39

Summary

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.symantec.com/avcenter/security/Content…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2008/0680	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/27913	vdb-entryx_refsource_BID
	http://secunia.com/advisories/29140	third-party-advisoryx_refsource_SECUNIA
	http://labs.idefense.com/intelligence/vulnerabili…	third-party-advisoryx_refsource_IDEFENSE
	http://www.securitytracker.com/id?1019503	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:34.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
          },
          {
            "name": "ADV-2008-0680",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0680"
          },
          {
            "name": "27913",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27913"
          },
          {
            "name": "29140",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29140"
          },
          {
            "name": "20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
          },
          {
            "name": "1019503",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019503"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-03-11T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
        },
        {
          "name": "ADV-2008-0680",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0680"
        },
        {
          "name": "27913",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27913"
        },
        {
          "name": "29140",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29140"
        },
        {
          "name": "20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
        },
        {
          "name": "1019503",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019503"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0309",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
            },
            {
              "name": "ADV-2008-0680",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0680"
            },
            {
              "name": "27913",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27913"
            },
            {
              "name": "29140",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29140"
            },
            {
              "name": "20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
            },
            {
              "name": "1019503",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019503"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0309",
    "datePublished": "2008-02-28T20:00:00",
    "dateReserved": "2008-01-16T00:00:00",
    "dateUpdated": "2024-08-07T07:39:34.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:scan_engine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.1.4.24\", \"matchCriteriaId\": \"AB87EEAE-C3E0-4145-B218-9D408F92019D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.12\", \"matchCriteriaId\": \"16D7344B-86C6-4F85-A3BC-F0923BE01BBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.12\", \"matchCriteriaId\": \"852B500B-D411-4423-95A8-EEC05AFEAC31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.12\", \"matchCriteriaId\": \"C0B93FAE-4014-4417-A46A-3F52667E223F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"90C81F8F-8176-4EB2-B61B-08A3F8958628\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"E648A3CF-2DB0-4578-8FF4-E8DB7DEE249F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"F10B5FA2-D60A-4ECD-98D5-24E2AC227604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_clearswift:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"DAE997E4-3686-433C-94A8-1F039F6A5FD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_microsoft_sharepoint:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"10C9C1CB-1E4F-48D8-A5CA-322C2944EF5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_ms_isa:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"64B57FBE-71D4-4392-BA76-B3B6BED94A6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_messaging:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.3.16.39\", \"matchCriteriaId\": \"49FEB258-2259-4E24-BDAC-A857B4C98095\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.6.5.12\", \"matchCriteriaId\": \"EF5109EC-23D1-4100-8F5E-751B566CE75D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0.4.363\", \"matchCriteriaId\": \"48264D1D-94A1-49C1-A57D-34074C582630\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Desbordamiento de b\\u00fafer basado en pila en Symantec Decomposer inclu\\u00eddo en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n o causar una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) a trav\\u00e9s de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP)\"}]",
      "id": "CVE-2008-0309",
      "lastModified": "2024-11-21T00:41:38.550",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": true}]}",
      "published": "2008-02-28T20:44:00.000",
      "references": "[{\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29140\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/27913\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1019503\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.symantec.com/avcenter/security/Content/2008.02.27.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0680\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29140\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/27913\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1019503\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.symantec.com/avcenter/security/Content/2008.02.27.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2008/0680\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-0309\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-02-28T20:44:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Desbordamiento de b\u00fafer basado en pila en Symantec Decomposer inclu\u00eddo en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP)\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:scan_engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.4.24\",\"matchCriteriaId\":\"AB87EEAE-C3E0-4145-B218-9D408F92019D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.12\",\"matchCriteriaId\":\"16D7344B-86C6-4F85-A3BC-F0923BE01BBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.12\",\"matchCriteriaId\":\"852B500B-D411-4423-95A8-EEC05AFEAC31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.12\",\"matchCriteriaId\":\"C0B93FAE-4014-4417-A46A-3F52667E223F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"90C81F8F-8176-4EB2-B61B-08A3F8958628\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"E648A3CF-2DB0-4578-8FF4-E8DB7DEE249F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"F10B5FA2-D60A-4ECD-98D5-24E2AC227604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_clearswift:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"DAE997E4-3686-433C-94A8-1F039F6A5FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_microsoft_sharepoint:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"10C9C1CB-1E4F-48D8-A5CA-322C2944EF5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_ms_isa:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"64B57FBE-71D4-4392-BA76-B3B6BED94A6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_antivirus_scan_engine_messaging:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3.16.39\",\"matchCriteriaId\":\"49FEB258-2259-4E24-BDAC-A857B4C98095\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.6.5.12\",\"matchCriteriaId\":\"EF5109EC-23D1-4100-8F5E-751B566CE75D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0.4.363\",\"matchCriteriaId\":\"48264D1D-94A1-49C1-A57D-34074C582630\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29140\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27913\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1019503\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2008.02.27.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0680\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29140\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/27913\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1019503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/avcenter/security/Content/2008.02.27.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0680\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2008-0309

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2008-0309

Aliases

CVE-2008-0309

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-0309",
    "description": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).",
    "id": "GSD-2008-0309"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-0309"
      ],
      "details": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).",
      "id": "GSD-2008-0309",
      "modified": "2023-12-13T01:22:58.975067Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-0309",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html",
            "refsource": "CONFIRM",
            "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
          },
          {
            "name": "ADV-2008-0680",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0680"
          },
          {
            "name": "27913",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27913"
          },
          {
            "name": "29140",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29140"
          },
          {
            "name": "20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
          },
          {
            "name": "1019503",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1019503"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:scan_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.1.4.24",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_clearswift:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_microsoft_sharepoint:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_ms_isa:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_messaging:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.3.16.39",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.6.5.12",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "5.0.4.363",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0309"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080226 Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
            },
            {
              "name": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
            },
            {
              "name": "27913",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27913"
            },
            {
              "name": "29140",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29140"
            },
            {
              "name": "1019503",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1019503"
            },
            {
              "name": "ADV-2008-0680",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0680"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-03-08T03:04Z",
      "publishedDate": "2008-02-28T20:44Z"
    }
  }
}

CERTA-2008-AVI-107

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans le moteur Symantec Decomposer permettent de réaliser un déni de service et d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans le moteur Symantec Decomposer lors du traitement d'archives RAR. La première faille permet de réaliser un déni de service à distance par consommation excessive de la mémoire. La seconde, de type débordement de mémoire, permet l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Antivirus Scan Engine for Clearswift versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec AntiVirus for Network Attached Storage versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Scan Engine versions 5.1.4.24 et antérieures.
Symantec	N/A	toutes les versions de Symantec AntiVirus/Filtering for Domino MPE ;
Symantec	N/A	Symantec AntiVirus Scan Engine versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for Messaging versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for MS ISA versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Mail Security for Microsoft Exchange versions 4.6.5.12 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for MS SharePoint versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Mail Security for Microsoft Exchange versions 5.0.4.363 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for Caching versions 4.3.16.39 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité SYM08-006 du 26 février 2008	None	vendor-advisory
Bulletin de sécurité Symantec SYM08-006 du 26 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Antivirus Scan Engine for Clearswift versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec AntiVirus for Network Attached Storage versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Scan Engine versions 5.1.4.24 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "toutes les versions de Symantec AntiVirus/Filtering for Domino MPE ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec AntiVirus Scan Engine versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for Messaging versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for MS ISA versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for Microsoft Exchange versions 4.6.5.12 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for MS SharePoint versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for Microsoft Exchange versions 5.0.4.363 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for Caching versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le moteur Symantec\nDecomposer lors du traitement d\u0027archives RAR. La premi\u00e8re faille permet\nde r\u00e9aliser un d\u00e9ni de service \u00e0 distance par consommation excessive de\nla m\u00e9moire. La seconde, de type d\u00e9bordement de m\u00e9moire, permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0308"
    },
    {
      "name": "CVE-2008-0309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0309"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM08-006 du 26 f\u00e9vrier 2008    :",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.02.27.html"
    }
  ],
  "reference": "CERTA-2008-AVI-107",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans le moteur \u003cspan class=\"textit\"\u003eSymantec\nDecomposer\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Symantec Decomposer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SYM08-006 du 26 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

CERTA-2008-AVI-107

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités dans le moteur Symantec Decomposer permettent de réaliser un déni de service et d'exécuter du code arbitraire à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Antivirus Scan Engine for Clearswift versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec AntiVirus for Network Attached Storage versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Scan Engine versions 5.1.4.24 et antérieures.
Symantec	N/A	toutes les versions de Symantec AntiVirus/Filtering for Domino MPE ;
Symantec	N/A	Symantec AntiVirus Scan Engine versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for Messaging versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for MS ISA versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Mail Security for Microsoft Exchange versions 4.6.5.12 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for MS SharePoint versions 4.3.16.39 et antérieures ;
Symantec	N/A	Symantec Mail Security for Microsoft Exchange versions 5.0.4.363 et antérieures ;
Symantec	N/A	Symantec Antivirus Scan Engine for Caching versions 4.3.16.39 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité SYM08-006 du 26 février 2008	None	vendor-advisory
Bulletin de sécurité Symantec SYM08-006 du 26 février 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Antivirus Scan Engine for Clearswift versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec AntiVirus for Network Attached Storage versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Scan Engine versions 5.1.4.24 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "toutes les versions de Symantec AntiVirus/Filtering for Domino MPE ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec AntiVirus Scan Engine versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for Messaging versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for MS ISA versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for Microsoft Exchange versions 4.6.5.12 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for MS SharePoint versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for Microsoft Exchange versions 5.0.4.363 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Antivirus Scan Engine for Caching versions 4.3.16.39 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le moteur Symantec\nDecomposer lors du traitement d\u0027archives RAR. La premi\u00e8re faille permet\nde r\u00e9aliser un d\u00e9ni de service \u00e0 distance par consommation excessive de\nla m\u00e9moire. La seconde, de type d\u00e9bordement de m\u00e9moire, permet\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0308"
    },
    {
      "name": "CVE-2008-0309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0309"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM08-006 du 26 f\u00e9vrier 2008    :",
      "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.02.27.html"
    }
  ],
  "reference": "CERTA-2008-AVI-107",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-02-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s dans le moteur \u003cspan class=\"textit\"\u003eSymantec\nDecomposer\u003c/span\u003e permettent de r\u00e9aliser un d\u00e9ni de service et\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Symantec Decomposer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SYM08-006 du 26 f\u00e9vrier 2008",
      "url": null
    }
  ]
}

GHSA-3RHQ-2G85-5XQR

Vulnerability from github – Published: 2022-05-01 23:28 – Updated: 2022-05-01 23:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-0309"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-02-28T20:44:00Z",
    "severity": "MODERATE"
  },
  "details": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).",
  "id": "GHSA-3rhq-2g85-5xqr",
  "modified": "2022-05-01T23:28:58Z",
  "published": "2022-05-01T23:28:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0309"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29140"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27913"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1019503"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0680"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2008-0309

Vulnerability from fkie_nvd - Published: 2008-02-28 20:44 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
cve@mitre.org	http://secunia.com/advisories/29140	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/27913
cve@mitre.org	http://www.securitytracker.com/id?1019503
cve@mitre.org	http://www.symantec.com/avcenter/security/Content/2008.02.27.html
cve@mitre.org	http://www.vupen.com/english/advisories/2008/0680
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29140	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27913
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1019503
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/avcenter/security/Content/2008.02.27.html
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0680

Impacted products

Vendor	Product	Version
symantec	scan_engine	*
symantec	symantec_antivirus_filtering_domino_mpe	*
symantec	symantec_antivirus_filtering_domino_mpe	*
symantec	symantec_antivirus_filtering_domino_mpe	*
symantec	symantec_antivirus_network_attached_storage	*
symantec	symantec_antivirus_scan_engine	*
symantec	symantec_antivirus_scan_engine_caching	*
symantec	symantec_antivirus_scan_engine_clearswift	*
symantec	symantec_antivirus_scan_engine_for_microsoft_sharepoint	*
symantec	symantec_antivirus_scan_engine_for_ms_isa	*
symantec	symantec_antivirus_scan_engine_messaging	*
symantec	symantec_mail_security_for_microsoft_exchange	*
symantec	symantec_mail_security_for_microsoft_exchange	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:scan_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB87EEAE-C3E0-4145-B218-9D408F92019D",
              "versionEndIncluding": "5.1.4.24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*",
              "matchCriteriaId": "16D7344B-86C6-4F85-A3BC-F0923BE01BBA",
              "versionEndIncluding": "3.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*",
              "matchCriteriaId": "852B500B-D411-4423-95A8-EEC05AFEAC31",
              "versionEndIncluding": "3.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*",
              "matchCriteriaId": "C0B93FAE-4014-4417-A46A-3F52667E223F",
              "versionEndIncluding": "3.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C81F8F-8176-4EB2-B61B-08A3F8958628",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E648A3CF-2DB0-4578-8FF4-E8DB7DEE249F",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10B5FA2-D60A-4ECD-98D5-24E2AC227604",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_clearswift:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE997E4-3686-433C-94A8-1F039F6A5FD2",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_microsoft_sharepoint:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C9C1CB-1E4F-48D8-A5CA-322C2944EF5E",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_for_ms_isa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64B57FBE-71D4-4392-BA76-B3B6BED94A6C",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_antivirus_scan_engine_messaging:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FEB258-2259-4E24-BDAC-A857B4C98095",
              "versionEndIncluding": "4.3.16.39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5109EC-23D1-4100-8F5E-751B566CE75D",
              "versionEndIncluding": "4.6.5.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:symantec_mail_security_for_microsoft_exchange:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48264D1D-94A1-49C1-A57D-34074C582630",
              "versionEndIncluding": "5.0.4.363",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Desbordamiento de b\u00fafer basado en pila en Symantec Decomposer inclu\u00eddo en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP)"
    }
  ],
  "id": "CVE-2008-0309",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-02-28T20:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29140"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27913"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019503"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019503"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/avcenter/security/Content/2008.02.27.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0680"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-0309 (GCVE-0-2008-0309)

GSD-2008-0309

CERTA-2008-AVI-107

Description

Solution

CERTA-2008-AVI-107

Description

Solution

GHSA-3RHQ-2G85-5XQR

FKIE_CVE-2008-0309

Tags

Sightings

Nomenclature