Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0364

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0364
Last Modified 05 Sep 2008 04:38:14
Published 15 Apr 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0364

Summary

The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.

Vulnerable Systems

Application

  • Symantec Norton Internet Security 2004


References

CERT-VN - VU#549054

MISC - http://www.nextgenss.com/advisories/nisrce.txt

XF - norton-is-launchurl-command-execution(15538)

BID - 9915

CONFIRM - http://www.sarc.com/avcenter/security/Content/2004.03.19.html

SECUNIA - 11168

BUGTRAQ - 20040319 Norton Internet Security Remote Command Execution (#NISR19042004b)

BUGTRAQ - 20040319 Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b


Last Updated: 27 May 2016 10:38:34