Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4953

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4953
Last Modified 11 Mar 2013 11:17:30
Published 14 Nov 2012 07:30:59
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4953

Summary

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.

Vulnerable Systems

Application

  • Symantec Antivirus 10.1.0

  • Symantec Antivirus 10.1.4

  • Symantec Antivirus 10.1.5

  • Symantec Antivirus 10.1.6

  • Symantec Antivirus 10.1.7

  • Symantec Antivirus 10.1.8

  • Symantec Antivirus 10.1.9

  • Symantec Endpoint Protection 11.0

  • Symantec Endpoint Protection 12.0

  • Symantec Scan Engine 5.2


References

CERT-VN - VU#985625

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00

BID - 56399

CONFIRM - http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00

SECTRACK - 1027726


Last Updated: 27 May 2016 10:58:28