Computer Security
[EN] securityvulns.ru
no-pyccku



Symantec multiple antiviral applications buffer overflow
Published:25.02.2010
Source:BUGTRAQ
SecurityVulns ID:10650
Type:client
Level:8/10
Description:Buffer overflow on content parsing. Buffer overflow in ActiveX.
Affected:SYMANTEC : Symantec Client Security 3.0
 SYMANTEC : Symantec Client Security 3.1
 SYMANTEC : Norton Internet Security 2006
 SYMANTEC : Norton AntiVirus 2006
 SYMANTEC : Norton SystemWorks 2006
 SYMANTEC : Norton Internet Security 2008
 SYMANTEC : Norton 360 1.0
 SYMANTEC : Norton 360 2.0
 SYMANTEC : Norton Internet Security 2007
 SYMANTEC : Norton AntiVirus 2007
 SYMANTEC : Norton AntiVirus 2008
 SYMANTEC : Norton SystemWorks 2007
 SYMANTEC : Norton SystemWorks 2008
CVE:CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.)
 CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site.")
Original documentdocumentAlexandr Polyakov, [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. (25.02.2010)
 documentVUPEN Security Research, VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability (25.02.2010)
Discuss:Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru