Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-3497


Vulnerability Score 6.4 6.4
CVE Id CVE-2010-3497
Last Modified 22 Aug 2012 12:00:00
Published 22 Aug 2012 06:42:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."

Vulnerable Systems


  • Symantec Norton Antivirus 2011


BUGTRAQ - 20101018 Antivirus detection after malware execution


Last Updated: 27 May 2016 10:51:42