cvelistv5 - cve-2010-0107

CVE-2010-0107 (GCVE-0-2010-0107)

Vulnerability from cvelistv5 – Published: 2010-02-23 20:00 – Updated: 2024-08-07 00:37

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/62412	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/archive/1/509717/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1023630	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/38654	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.vupen.com/english/advisories/2010/0411	vdb-entryx_refsource_VUPEN
	http://www.securitytracker.com/id?1023631	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/38217	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id?1023628	vdb-entryx_refsource_SECTRACK
	http://www.symantec.com/security_response/securit…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1023629	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:37:53.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62412",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62412"
          },
          {
            "name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
          },
          {
            "name": "1023630",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023630"
          },
          {
            "name": "38654",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38654"
          },
          {
            "name": "symantec-symltcom-activex-bo(56357)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
          },
          {
            "name": "ADV-2010-0411",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0411"
          },
          {
            "name": "1023631",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023631"
          },
          {
            "name": "38217",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38217"
          },
          {
            "name": "1023628",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023628"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
          },
          {
            "name": "1023629",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023629"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "62412",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62412"
        },
        {
          "name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
        },
        {
          "name": "1023630",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023630"
        },
        {
          "name": "38654",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38654"
        },
        {
          "name": "symantec-symltcom-activex-bo(56357)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
        },
        {
          "name": "ADV-2010-0411",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0411"
        },
        {
          "name": "1023631",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023631"
        },
        {
          "name": "38217",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38217"
        },
        {
          "name": "1023628",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023628"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
        },
        {
          "name": "1023629",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023629"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0107",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62412",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/62412"
            },
            {
              "name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
            },
            {
              "name": "1023630",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023630"
            },
            {
              "name": "38654",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38654"
            },
            {
              "name": "symantec-symltcom-activex-bo(56357)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
            },
            {
              "name": "ADV-2010-0411",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0411"
            },
            {
              "name": "1023631",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023631"
            },
            {
              "name": "38217",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38217"
            },
            {
              "name": "1023628",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023628"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01",
              "refsource": "CONFIRM",
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
            },
            {
              "name": "1023629",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023629"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0107",
    "datePublished": "2010-02-23T20:00:00",
    "dateReserved": "2009-12-31T00:00:00",
    "dateUpdated": "2024-08-07T00:37:53.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"844A6963-F60C-4D48-8445-9056C99201D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2852548A-39A6-44FB-A73E-96507BA0CD8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB9641FC-FF7B-4413-8163-B795AA35C888\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17862D7F-7001-46B8-A415-2A15A247E9BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"170AEE7B-31AF-44E2-9B63-9703D0DE721C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E651C9BE-201B-4DDC-A650-F9269531290C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56EA0BAC-ED6D-45D2-995C-18B828906E1C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63B1A9FC-707C-4F6F-959B-30B28E43D202\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"87E4E013-A819-42E0-8F8E-9B2D409F900E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"097B87A8-8176-4426-BDE4-6FDDD272E1B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EBD7767-C352-435B-8963-83F723FFD302\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2FC1708-B643-4489-A59C-EBDAFD9B0078\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE714705-CEE9-4BA1-8573-FD3765BC7F94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D24019B-20F0-4B4D-86A5-9409698E6216\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD25A172-D70C-44E0-9551-F390AF0AD8A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*\", \"matchCriteriaId\": \"8FB89648-5727-4F8F-83B7-3E11CE69EA3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E5A8C92-95C4-4ECC-AEA4-37F830B890E8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17110872-8BD5-4CB0-9F2A-B18D091A7EC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9D29AD07-6545-4180-8E32-C18586684845\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3706E76-FC65-467E-8D09-A9EAC32E9BBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF555313-BB5A-4D8A-A3A1-609ABC39F6FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC74372F-329A-4597-810B-88B865771C9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00819E08-CC5C-48FC-9F80-95B68AB19C65\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_360:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9405ECC3-F518-40F7-9541-904C6FACBC85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44843812-35FC-4378-B239-EEC74A0C8A39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C988B309-F397-412A-8570-C3823C7FE7E0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA990FD5-DF2F-470A-936D-155A36BEDE3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1CC64B1-772C-42A9-9B0A-08CA92DC87E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"692ECBCD-AB6B-4965-93F4-BDAD4777C018\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EF87752-C86D-4C89-9DE9-F874068C89EC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \\\"masquerade as an authorized site.\\\"\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer en el control ActiveX (SYMLTCOM.dll) en Symantec N360 v1.0 y v2.0; Norton Internet Security, AntiVirus, SystemWorks, y Confidential 2006 through 2008; y Symantec Client Security v3.0.x anteriores a v3.1 MR9, y v3.1.x anteriores a MR9; permite a atacantes remotos producir una denegaci\\u00f3n de servicio (ca\\u00edda) y posiblemente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de vectores desconocidos. NOTA: Esto solo es una vulnerabilidad si el atacante puede actuar como si fuese un sitio autorizado.\"}]",
      "id": "CVE-2010-0107",
      "lastModified": "2024-11-21T01:11:32.740",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-02-23T20:30:00.467",
      "references": "[{\"url\": \"http://osvdb.org/62412\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/38654\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/509717/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/38217\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023628\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023629\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023630\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1023631\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0411\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56357\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/62412\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/38654\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/509717/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/38217\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023628\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023629\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023630\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1023631\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/0411\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/56357\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0107\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-02-23T20:30:00.467\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \\\"masquerade as an authorized site.\\\"\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer en el control ActiveX (SYMLTCOM.dll) en Symantec N360 v1.0 y v2.0; Norton Internet Security, AntiVirus, SystemWorks, y Confidential 2006 through 2008; y Symantec Client Security v3.0.x anteriores a v3.1 MR9, y v3.1.x anteriores a MR9; permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. NOTA: Esto solo es una vulnerabilidad si el atacante puede actuar como si fuese un sitio autorizado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"844A6963-F60C-4D48-8445-9056C99201D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2852548A-39A6-44FB-A73E-96507BA0CD8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB9641FC-FF7B-4413-8163-B795AA35C888\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17862D7F-7001-46B8-A415-2A15A247E9BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"170AEE7B-31AF-44E2-9B63-9703D0DE721C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E651C9BE-201B-4DDC-A650-F9269531290C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56EA0BAC-ED6D-45D2-995C-18B828906E1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B1A9FC-707C-4F6F-959B-30B28E43D202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87E4E013-A819-42E0-8F8E-9B2D409F900E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"097B87A8-8176-4426-BDE4-6FDDD272E1B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EBD7767-C352-435B-8963-83F723FFD302\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2FC1708-B643-4489-A59C-EBDAFD9B0078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE714705-CEE9-4BA1-8573-FD3765BC7F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D24019B-20F0-4B4D-86A5-9409698E6216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD25A172-D70C-44E0-9551-F390AF0AD8A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB89648-5727-4F8F-83B7-3E11CE69EA3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E5A8C92-95C4-4ECC-AEA4-37F830B890E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17110872-8BD5-4CB0-9F2A-B18D091A7EC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D29AD07-6545-4180-8E32-C18586684845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3706E76-FC65-467E-8D09-A9EAC32E9BBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF555313-BB5A-4D8A-A3A1-609ABC39F6FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC74372F-329A-4597-810B-88B865771C9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00819E08-CC5C-48FC-9F80-95B68AB19C65\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_360:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9405ECC3-F518-40F7-9541-904C6FACBC85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44843812-35FC-4378-B239-EEC74A0C8A39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C988B309-F397-412A-8570-C3823C7FE7E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA990FD5-DF2F-470A-936D-155A36BEDE3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1CC64B1-772C-42A9-9B0A-08CA92DC87E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"692ECBCD-AB6B-4965-93F4-BDAD4777C018\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EF87752-C86D-4C89-9DE9-F874068C89EC\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/62412\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38654\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/509717/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/38217\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023628\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023629\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023630\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1023631\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0411\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56357\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/62412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/38654\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/509717/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/38217\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023629\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023630\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1023631\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0411\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56357\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201002-0080

Vulnerability from variot - Updated: 2023-12-18 12:11

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site.". Multiple Symantec products are prone to a stack-based buffer-overflow vulnerability because the applications utilize an ActiveX control that fails to adequately validate user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. Remote Attacker An attacker can pass an unidentified vector, causing a denial of service. ----------------------------------------------------------------------

Public Beta of CSI and WSUS Integration http://secunia.com/blog/74

TITLE: Symantec Products "SYMLTCOM.dll" ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID: SA38654

VERIFY ADVISORY: http://secunia.com/advisories/38654/

DESCRIPTION: A vulnerability has been reported in some Symantec products, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error in the SYMLTCOM.dll ActiveX control, which can be exploited to cause e.g. a stack-based buffer overflow when a user visits a specially crafted web page.

Successful exploitation allows execution of arbitrary code, but is limited to a certain unspecified domain.

Symantec Client Security 3.0.x: Update to SCS 3.1 MR9.

Symantec Client Security 3.1.x: Update to MR9.

PROVIDED AND/OR DISCOVERED BY: The vendor credits FrSIRT.

ORIGINAL ADVISORY: Symantec SYM10-003: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

. VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability

http://www.vupen.com/english/research.php

I. DESCRIPTION

VUPEN Vulnerability Research Team discovered a vulnerability in various Symantec security products.

II. CREDIT

The vulnerabilities were discovered by VUPEN Security

V. ABOUT VUPEN Security

VUPEN is a leading IT security research company providing vulnerability management services to allow enterprises and organizations to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks.

VUPEN also provides research services for security vendors (antivirus, IDS, IPS,etc) to supplement their internal vulnerability research efforts and quickly develop vulnerability-based and exploit-based signatures, rules, and filters, and proactively protect their customers against potential threats.

VUPEN Vulnerability Notification Service:

http://www.vupen.com/english/services

VUPEN Exploits and In-Depth Vulnerability Analysis:

http://www.vupen.com/exploits

VI. REFERENCES

http://www.vupen.com/english/advisories/2010/0411 http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0107

VII. DISCLOSURE TIMELINE

2008-04-07 - Vendor notified 2008-04-08 - Vendor response 2008-05-09 - Status update received 2008-06-10 - Status update received 2008-12-05 - Status update received 2010-02-18 - Patches available, public disclosure

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201002-0080",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1.400"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1.401"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.0"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "symantec",
        "version": "3.1.396"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.1.0.396"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "symantec",
        "version": "3.1.0.401"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.1.1008"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2000"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.1.1009"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.1.1000"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2020"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2010"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2001"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.1.1007"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.1.1001"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2011"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2021"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "symantec",
        "version": "3.0.2.2002"
      },
      {
        "model": "norton 360",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "1.0"
      },
      {
        "model": "norton 360",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2.0"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2007"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2007"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2008"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2008"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "symantec",
        "version": "3.0.2"
      },
      {
        "model": "client security",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "3.1 mr9"
      },
      {
        "model": "norton 360",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "symantec",
        "version": "1.0    2.0"
      },
      {
        "model": "norton antivirus",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "norton internet security",
        "scope": null,
        "trust": 0.8,
        "vendor": "symantec",
        "version": null
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.6.6000"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20060"
      },
      {
        "model": "norton internet security professional edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20080"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.5.5010"
      },
      {
        "model": "norton confidential",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20070"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.6.6010"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20060"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.7.7000"
      },
      {
        "model": "norton confidential",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20080"
      },
      {
        "model": "client security mr6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.1.1003"
      },
      {
        "model": "norton system works",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "2006"
      },
      {
        "model": "norton confidential",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20060"
      },
      {
        "model": "norton systemworks premier",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20050"
      },
      {
        "model": "norton",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3602.0"
      },
      {
        "model": "client security mr4 mp1 build",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.4-4010"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.394"
      },
      {
        "model": "client security mr8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.0.0.359"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.5.5000"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.4.4000"
      },
      {
        "model": "client security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1.5.5001"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20070"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20070"
      },
      {
        "model": "norton",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3601.0"
      },
      {
        "model": "client security mr7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "client security mr9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      },
      {
        "model": "norton antivirus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20080"
      },
      {
        "model": "norton systemworks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20080"
      },
      {
        "model": "norton internet security",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "20070"
      },
      {
        "model": "client security mr6 mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "symantec",
        "version": "3.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "38217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_360:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FrSIRT",
    "sources": [
      {
        "db": "BID",
        "id": "38217"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0107",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 9.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2010-0107",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-42712",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2010-0107",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201002-232",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-42712",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\". Multiple Symantec products are prone to a stack-based buffer-overflow vulnerability because the applications utilize an ActiveX control that fails to adequately validate user-supplied input. \nAn attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer).  Failed attacks will likely cause denial-of-service conditions. Remote Attacker An attacker can pass an unidentified vector, causing a denial of service. ----------------------------------------------------------------------\n\n\nPublic Beta of CSI and WSUS Integration\nhttp://secunia.com/blog/74\n\n\n----------------------------------------------------------------------\n\nTITLE:\nSymantec Products \"SYMLTCOM.dll\" ActiveX Control Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA38654\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/38654/\n\nDESCRIPTION:\nA vulnerability has been reported in some Symantec products, which\ncan be exploited by malicious people to compromise a user\u0027s system. \n\nThe vulnerability is caused due to an input validation error in the\nSYMLTCOM.dll ActiveX control, which can be exploited to cause e.g. a\nstack-based buffer overflow when a user visits a specially crafted\nweb page. \n\nSuccessful exploitation allows execution of arbitrary code, but is\nlimited to a certain unspecified domain. \n\nSymantec Client Security 3.0.x:\nUpdate to SCS 3.1 MR9. \n\nSymantec Client Security 3.1.x:\nUpdate to MR9. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits FrSIRT. \n\nORIGINAL ADVISORY:\nSymantec SYM10-003:\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow \nVulnerability\n\nhttp://www.vupen.com/english/research.php\n\n\nI. DESCRIPTION\n--------------------- \n\nVUPEN Vulnerability Research Team discovered a vulnerability in various\nSymantec security products. \n\n\nII. CREDIT\n-------------- \n\nThe vulnerabilities were discovered by VUPEN Security\n\n\nV. ABOUT VUPEN Security\n---------------------------------\n\nVUPEN is a leading IT security research company providing vulnerability\nmanagement services to allow enterprises and organizations to eliminate\nvulnerabilities before they can be exploited, ensure security policy\ncompliance and meaningfully measure and manage risks. \n\nVUPEN also provides research services for security vendors (antivirus,\nIDS, IPS,etc) to supplement their internal vulnerability research efforts\nand quickly develop vulnerability-based and exploit-based signatures,\nrules, and filters, and proactively protect their customers against\npotential threats. \n\n* VUPEN Vulnerability Notification Service:\n\nhttp://www.vupen.com/english/services\n\n* VUPEN Exploits and In-Depth Vulnerability Analysis:\n\nhttp://www.vupen.com/exploits\n\n\nVI. REFERENCES\n----------------------\n\nhttp://www.vupen.com/english/advisories/2010/0411\nhttp://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0107\n\n\nVII. DISCLOSURE TIMELINE\n----------------------------------- \n\n2008-04-07 - Vendor notified\n2008-04-08 - Vendor response\n2008-05-09 - Status update received\n2008-06-10 - Status update received\n2008-12-05 - Status update received\n2010-02-18 - Patches available, public disclosure\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "BID",
        "id": "38217"
      },
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "db": "PACKETSTORM",
        "id": "86447"
      },
      {
        "db": "PACKETSTORM",
        "id": "86693"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-42712",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-0107",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "38217",
        "trust": 2.0
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-0411",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "38654",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1023628",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1023631",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1023630",
        "trust": 1.7
      },
      {
        "db": "SECTRACK",
        "id": "1023629",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "62412",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "56357",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "86693",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-42712",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "86447",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "db": "BID",
        "id": "38217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "PACKETSTORM",
        "id": "86447"
      },
      {
        "db": "PACKETSTORM",
        "id": "86693"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "id": "VAR-201002-0080",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:11:25.763000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SYM10-003",
        "trust": 0.8,
        "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.vupen.com/english/advisories/2010/0411"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/38217"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/62412"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1023628"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1023629"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1023630"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1023631"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/38654"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
      },
      {
        "trust": 1.1,
        "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
      },
      {
        "trust": 1.0,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0107"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0107"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/56357"
      },
      {
        "trust": 0.3,
        "url": "https://www.f-secure.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.microsoft.com/kb/240797"
      },
      {
        "trust": 0.1,
        "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026amp;pvid=security_advisory\u0026amp;year=2010\u0026amp;suid=20100217_01"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/38654/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/blog/74"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/english/research.php"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-0107"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/exploits"
      },
      {
        "trust": 0.1,
        "url": "http://www.vupen.com/english/services"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "db": "BID",
        "id": "38217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "PACKETSTORM",
        "id": "86447"
      },
      {
        "db": "PACKETSTORM",
        "id": "86693"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "db": "BID",
        "id": "38217"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "db": "PACKETSTORM",
        "id": "86447"
      },
      {
        "db": "PACKETSTORM",
        "id": "86693"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-02-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "date": "2010-02-17T00:00:00",
        "db": "BID",
        "id": "38217"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "date": "2010-02-18T17:45:10",
        "db": "PACKETSTORM",
        "id": "86447"
      },
      {
        "date": "2010-02-25T06:29:19",
        "db": "PACKETSTORM",
        "id": "86693"
      },
      {
        "date": "2010-02-23T20:30:00.467000",
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "date": "2010-02-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-42712"
      },
      {
        "date": "2010-02-17T00:00:00",
        "db": "BID",
        "id": "38217"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      },
      {
        "date": "2018-10-10T19:51:03.757000",
        "db": "NVD",
        "id": "CVE-2010-0107"
      },
      {
        "date": "2010-02-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "86693"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Symantec N360 Such as  SYMLTCOM.dll Vulnerable to buffer overflow",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-005201"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201002-232"
      }
    ],
    "trust": 0.6
  }
}

GSD-2010-0107

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2010-0107

Aliases

CVE-2010-0107

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0107",
    "description": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\"",
    "id": "GSD-2010-0107"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0107"
      ],
      "details": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\"",
      "id": "GSD-2010-0107",
      "modified": "2023-12-13T01:21:28.435313Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2010-0107",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "62412",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/62412"
          },
          {
            "name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
          },
          {
            "name": "1023630",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023630"
          },
          {
            "name": "38654",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38654"
          },
          {
            "name": "symantec-symltcom-activex-bo(56357)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
          },
          {
            "name": "ADV-2010-0411",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0411"
          },
          {
            "name": "1023631",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023631"
          },
          {
            "name": "38217",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/38217"
          },
          {
            "name": "1023628",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023628"
          },
          {
            "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01",
            "refsource": "CONFIRM",
            "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
          },
          {
            "name": "1023629",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1023629"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:norton_360:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0107"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1023631",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023631"
            },
            {
              "name": "1023629",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023629"
            },
            {
              "name": "ADV-2010-0411",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0411"
            },
            {
              "name": "1023628",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023628"
            },
            {
              "name": "1023630",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1023630"
            },
            {
              "name": "38654",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/38654"
            },
            {
              "name": "38217",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/38217"
            },
            {
              "name": "62412",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/62412"
            },
            {
              "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
            },
            {
              "name": "symantec-symltcom-activex-bo(56357)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
            },
            {
              "name": "20100224 VUPEN Security Research - Symantec Products \"SYMLTCOM.dll\" Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-10T19:51Z",
      "publishedDate": "2010-02-23T20:30Z"
    }
  }
}

GHSA-R9JQ-CHPQ-69VV

Vulnerability from github – Published: 2022-05-02 06:10 – Updated: 2022-05-02 06:10

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0107"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-02-23T20:30:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\"",
  "id": "GHSA-r9jq-chpq-69vv",
  "modified": "2022-05-02T06:10:13Z",
  "published": "2022-05-02T06:10:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0107"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/62412"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38654"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/38217"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023628"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023629"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023630"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1023631"
    },
    {
      "type": "WEB",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/0411"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2010-AVI-087

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans plusieurs produits Symantec permettent l'exécution de code arbitraire à distance ou le contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans plusieurs produits Symantec :

une vulnérabilité de type débordement de mémoire a été découverte dans le composant Symantec Client Proxy. Un utilisateur peut exécuter du code arbitraire à distance par le biais d'un contrôle ActiveX spécialement conçu ;
une vulnérabilité de type débordement de mémoire a été découverte dans la bibliothèque SYMLTCOM.dll. Un utilisateur peut l'exploiter pour exécuter du code arbitraire dans le contexte du navigateur de l'utilisateur ;
une autre vulnérabilité concerne la fonctionnalité d'analyse antivirale à la demande. Cette analyse peut être contournée localement en effectuant un certain nombre d'actions spécifiques.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Endpoint Protection versions 11.x.
Symantec	N/A	Symantec Client Security versions 3.0.x, 3.1.x ;
Symantec	N/A	Symantec AntiVirus versions 10.0.x, 10.1.x, et 10.2.x ;
Symantec	N/A	Norton Antivirus, SystemWorks, Confidential et Internet Security versions 2006, 2007 et 2008 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM10-003 du 17 février 2010	None	vendor-advisory
Bulletin de sécurité Symantec SYM10-004 du 17 février 2010	None	vendor-advisory
Bulletin de sécurité Symantec SYM10-002 du 17 février 2010	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Endpoint Protection versions 11.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Client Security versions 3.0.x, 3.1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec AntiVirus versions 10.0.x, 10.1.x, et 10.2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Norton Antivirus, SystemWorks, Confidential et Internet Security versions 2006, 2007 et 2008 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits\nSymantec :\n\n-   une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte\n    dans le composant Symantec Client Proxy. Un utilisateur peut\n    ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un contr\u00f4le\n    ActiveX sp\u00e9cialement con\u00e7u ;\n-   une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte\n    dans la biblioth\u00e8que SYMLTCOM.dll. Un utilisateur peut l\u0027exploiter\n    pour ex\u00e9cuter du code arbitraire dans le contexte du navigateur de\n    l\u0027utilisateur\u00a0;\n-   une autre vuln\u00e9rabilit\u00e9 concerne la fonctionnalit\u00e9 d\u0027analyse\n    antivirale \u00e0 la demande. Cette analyse peut \u00eatre contourn\u00e9e\n    localement en effectuant un certain nombre d\u0027actions sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0108"
    },
    {
      "name": "CVE-2010-0106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0106"
    },
    {
      "name": "CVE-2010-0107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0107"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-087",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-22T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027une troisi\u00e8me vuln\u00e9rabilit\u00e9.",
      "revision_date": "2010-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans plusieurs produits \u003cspan\nclass=\"textit\"\u003eSymantec\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance ou le contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans plusieurs produits Symantec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-003 du 17 f\u00e9vrier 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-004 du 17 f\u00e9vrier 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-002 du 17 f\u00e9vrier 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_00"
    }
  ]
}

CERTA-2010-AVI-087

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans plusieurs produits Symantec permettent l'exécution de code arbitraire à distance ou le contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans plusieurs produits Symantec :

une vulnérabilité de type débordement de mémoire a été découverte dans le composant Symantec Client Proxy. Un utilisateur peut exécuter du code arbitraire à distance par le biais d'un contrôle ActiveX spécialement conçu ;
une vulnérabilité de type débordement de mémoire a été découverte dans la bibliothèque SYMLTCOM.dll. Un utilisateur peut l'exploiter pour exécuter du code arbitraire dans le contexte du navigateur de l'utilisateur ;
une autre vulnérabilité concerne la fonctionnalité d'analyse antivirale à la demande. Cette analyse peut être contournée localement en effectuant un certain nombre d'actions spécifiques.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Symantec	N/A	Symantec Endpoint Protection versions 11.x.
Symantec	N/A	Symantec Client Security versions 3.0.x, 3.1.x ;
Symantec	N/A	Symantec AntiVirus versions 10.0.x, 10.1.x, et 10.2.x ;
Symantec	N/A	Norton Antivirus, SystemWorks, Confidential et Internet Security versions 2006, 2007 et 2008 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM10-003 du 17 février 2010	None	vendor-advisory
Bulletin de sécurité Symantec SYM10-004 du 17 février 2010	None	vendor-advisory
Bulletin de sécurité Symantec SYM10-002 du 17 février 2010	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Endpoint Protection versions 11.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Client Security versions 3.0.x, 3.1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec AntiVirus versions 10.0.x, 10.1.x, et 10.2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Norton Antivirus, SystemWorks, Confidential et Internet Security versions 2006, 2007 et 2008 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits\nSymantec :\n\n-   une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte\n    dans le composant Symantec Client Proxy. Un utilisateur peut\n    ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un contr\u00f4le\n    ActiveX sp\u00e9cialement con\u00e7u ;\n-   une vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire a \u00e9t\u00e9 d\u00e9couverte\n    dans la biblioth\u00e8que SYMLTCOM.dll. Un utilisateur peut l\u0027exploiter\n    pour ex\u00e9cuter du code arbitraire dans le contexte du navigateur de\n    l\u0027utilisateur\u00a0;\n-   une autre vuln\u00e9rabilit\u00e9 concerne la fonctionnalit\u00e9 d\u0027analyse\n    antivirale \u00e0 la demande. Cette analyse peut \u00eatre contourn\u00e9e\n    localement en effectuant un certain nombre d\u0027actions sp\u00e9cifiques.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0108"
    },
    {
      "name": "CVE-2010-0106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0106"
    },
    {
      "name": "CVE-2010-0107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0107"
    }
  ],
  "links": [],
  "reference": "CERTA-2010-AVI-087",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-02-22T00:00:00.000000"
    },
    {
      "description": "ajout d\u0027une troisi\u00e8me vuln\u00e9rabilit\u00e9.",
      "revision_date": "2010-02-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans plusieurs produits \u003cspan\nclass=\"textit\"\u003eSymantec\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire\n\u00e0 distance ou le contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans plusieurs produits Symantec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-003 du 17 f\u00e9vrier 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-004 du 17 f\u00e9vrier 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-002 du 17 f\u00e9vrier 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_00"
    }
  ]
}

FKIE_CVE-2010-0107

Vulnerability from fkie_nvd - Published: 2010-02-23 20:30 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/62412
cve@mitre.org	http://secunia.com/advisories/38654	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/509717/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/38217
cve@mitre.org	http://www.securitytracker.com/id?1023628
cve@mitre.org	http://www.securitytracker.com/id?1023629
cve@mitre.org	http://www.securitytracker.com/id?1023630
cve@mitre.org	http://www.securitytracker.com/id?1023631
cve@mitre.org	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
cve@mitre.org	http://www.vupen.com/english/advisories/2010/0411	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/56357
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/62412
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38654	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/509717/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38217
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023628
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023629
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023630
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023631
af854a3a-2127-422b-91ae-364da2661108	http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0411	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56357

Impacted products

Vendor	Product	Version
symantec	client_security	3.0
symantec	client_security	3.0.1.1000
symantec	client_security	3.0.1.1001
symantec	client_security	3.0.1.1007
symantec	client_security	3.0.1.1008
symantec	client_security	3.0.1.1009
symantec	client_security	3.0.2
symantec	client_security	3.0.2.2000
symantec	client_security	3.0.2.2001
symantec	client_security	3.0.2.2002
symantec	client_security	3.0.2.2010
symantec	client_security	3.0.2.2011
symantec	client_security	3.0.2.2020
symantec	client_security	3.0.2.2021
symantec	client_security	3.1
symantec	client_security	3.1
symantec	client_security	3.1
symantec	client_security	3.1
symantec	client_security	3.1.0.396
symantec	client_security	3.1.0.401
symantec	client_security	3.1.396
symantec	client_security	3.1.400
symantec	client_security	3.1.401
symantec	norton_360	1.0
symantec	norton_360	2.0
symantec	norton_antivirus	2006
symantec	norton_antivirus	2007
symantec	norton_antivirus	2008
symantec	norton_internet_security	2006
symantec	norton_internet_security	2007
symantec	norton_internet_security	2008

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "844A6963-F60C-4D48-8445-9056C99201D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*",
              "matchCriteriaId": "2852548A-39A6-44FB-A73E-96507BA0CD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9641FC-FF7B-4413-8163-B795AA35C888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*",
              "matchCriteriaId": "17862D7F-7001-46B8-A415-2A15A247E9BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*",
              "matchCriteriaId": "170AEE7B-31AF-44E2-9B63-9703D0DE721C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*",
              "matchCriteriaId": "E651C9BE-201B-4DDC-A650-F9269531290C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "56EA0BAC-ED6D-45D2-995C-18B828906E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B1A9FC-707C-4F6F-959B-30B28E43D202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*",
              "matchCriteriaId": "87E4E013-A819-42E0-8F8E-9B2D409F900E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "097B87A8-8176-4426-BDE4-6FDDD272E1B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBD7767-C352-435B-8963-83F723FFD302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2FC1708-B643-4489-A59C-EBDAFD9B0078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCE0C8A-A97C-4DE1-B0EE-3A2D16A34C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE714705-CEE9-4BA1-8573-FD3765BC7F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1:mr4:*:*:*:*:*:*",
              "matchCriteriaId": "CD25A172-D70C-44E0-9551-F390AF0AD8A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1:mr5:*:*:*:*:*:*",
              "matchCriteriaId": "8FB89648-5727-4F8F-83B7-3E11CE69EA3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1:mr6:*:*:*:*:*:*",
              "matchCriteriaId": "7E5A8C92-95C4-4ECC-AEA4-37F830B890E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*",
              "matchCriteriaId": "17110872-8BD5-4CB0-9F2A-B18D091A7EC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D29AD07-6545-4180-8E32-C18586684845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00819E08-CC5C-48FC-9F80-95B68AB19C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_360:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9405ECC3-F518-40F7-9541-904C6FACBC85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "44843812-35FC-4378-B239-EEC74A0C8A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "C988B309-F397-412A-8570-C3823C7FE7E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA990FD5-DF2F-470A-936D-155A36BEDE3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CC64B1-772C-42A9-9B0A-08CA92DC87E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "692ECBCD-AB6B-4965-93F4-BDAD4777C018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF87752-C86D-4C89-9DE9-F874068C89EC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.  NOTE: this is only a vulnerability if the attacker can \"masquerade as an authorized site.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en el control ActiveX (SYMLTCOM.dll) en Symantec N360 v1.0 y v2.0; Norton Internet Security, AntiVirus, SystemWorks, y Confidential 2006 through 2008; y Symantec Client Security v3.0.x anteriores a v3.1 MR9, y v3.1.x anteriores a MR9; permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos. NOTA: Esto solo es una vulnerabilidad si el atacante puede actuar como si fuese un sitio autorizado."
    }
  ],
  "id": "CVE-2010-0107",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-02-23T20:30:00.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/62412"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38654"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/38217"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023628"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023629"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023630"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1023631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0411"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/62412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38654"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509717/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023630"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1023631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026year=2010\u0026suid=20100217_01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56357"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0107 (GCVE-0-2010-0107)

VAR-201002-0080

I. DESCRIPTION

II. CREDIT

V. ABOUT VUPEN Security

VI. REFERENCES

VII. DISCLOSURE TIMELINE

GSD-2010-0107

GHSA-R9JQ-CHPQ-69VV

CERTA-2010-AVI-087

Description

Solution

CERTA-2010-AVI-087

Description

Solution

FKIE_CVE-2010-0107

Tags

Sightings

Nomenclature