Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0313

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-0313
Last Modified 07 Mar 2011 10:04:18
Published 08 Apr 2008 01:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0313

Summary

The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.

Vulnerable Systems

Application

  • Symantec Norton 360 1.0

  • Symantec Norton Antivirus 2006

  • Symantec Norton Antivirus 2007

  • Symantec Norton Antivirus 2008

  • Symantec Norton Internet Security 2006

  • Symantec Norton Internet Security 2007

  • Symantec Norton Internet Security 2008

  • Symantec System Works 2006

  • Symantec System Works 2007

  • Symantec System Works 2008


References

BID - 28509

SECUNIA - 29660

XF - symantec-autofixtool-code-execution(41631)

VUPEN - ADV-2008-1077

SECTRACK - 1019753

SECTRACK - 1019752

SECTRACK - 1019751

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html

IDEFENSE - 20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability


Last Updated: 27 May 2016 10:46:46