Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1428

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1428
Last Modified 06 Feb 2013 11:17:22
Published 29 Apr 2009 11:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1428

Summary

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

Vulnerable Systems

Application

  • Symantec Antivirus 10.0

  • Symantec Antivirus 10.0.1

  • Symantec Antivirus 10.0.1.1

  • Symantec Antivirus 10.0.2

  • Symantec Antivirus 10.0.2.1

  • Symantec Antivirus 10.0.2.2

  • Symantec Antivirus 10.0.3

  • Symantec Antivirus 10.0.4

  • Symantec Antivirus 10.0.5

  • Symantec Antivirus 10.0.6

  • Symantec Antivirus 10.0.7

  • Symantec Antivirus 10.0.8

  • Symantec Antivirus 10.0.9

  • Symantec Antivirus 10.1

  • Symantec Endpoint Protection 11.0

  • Symantec Norton 360 1.0

  • Symantec Norton Internet Security 2005

  • Symantec Norton Internet Security 2005 Contains Nav 11.0.0

  • Symantec Norton Internet Security 2006

  • Symantec Norton Internet Security 2007

  • Symantec Norton Internet Security 2008


References

CONFIRM - http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

XF - multiple-symantec-log-xss(50170)

VUPEN - ADV-2009-1203

SECTRACK - 1022135

SECTRACK - 1022134

SECTRACK - 1022133

BID - 34669

SECUNIA - 34936

OSVDB - 54132

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01


Last Updated: 27 May 2016 11:01:48