Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0312

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-0312
Last Modified 30 Oct 2012 10:50:49
Published 08 Apr 2008 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0312

Summary

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Symantec Norton 360 1.0

  • Symantec Norton Antivirus 2006

  • Symantec Norton Antivirus 2007

  • Symantec Norton Antivirus 2008

  • Symantec Norton Internet Security 2006

  • Symantec Norton Internet Security 2007

  • Symantec Norton Internet Security 2008

  • Symantec Norton System Works 2006

  • Symantec Norton System Works 2007

  • Symantec Norton System Works 2008


References

SECTRACK - 1019753

SECTRACK - 1019752

SECTRACK - 1019751

BID - 28507

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html

SECUNIA - 29660

VUPEN - ADV-2008-1077

IDEFENSE - 20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability

XF - symantec-autofixtool-bo(41629)


Last Updated: 27 May 2016 10:55:04