CVE-2010-0107
Description
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| symantec | norton_antivirus | 2008 | |
| symantec | norton_internet_security | 2006 | |
| symantec | norton_internet_security | 2007 | |
| symantec | norton_internet_security | 2008 | |
| symantec | client_security | 3.0 | |
| symantec | client_security | 3.0.1.1000 | |
| symantec | client_security | 3.0.1.1001 | |
| symantec | client_security | 3.0.1.1007 | |
| symantec | client_security | 3.0.1.1008 | |
| symantec | client_security | 3.0.1.1009 | |
| symantec | client_security | 3.0.2 | |
| symantec | client_security | 3.0.2.2000 | |
| symantec | client_security | 3.0.2.2001 | |
| symantec | client_security | 3.0.2.2002 | |
| symantec | client_security | 3.0.2.2010 | |
| symantec | client_security | 3.0.2.2011 | |
| symantec | client_security | 3.0.2.2020 | |
| symantec | client_security | 3.0.2.2021 | |
| symantec | client_security | 3.1 | |
| symantec | client_security | 3.1.0.396 | |
| symantec | client_security | 3.1.0.401 | |
| symantec | client_security | 3.1.396 | |
| symantec | client_security | 3.1.400 | |
| symantec | client_security | 3.1.401 | |
| symantec | norton_360 | 1.0 | |
| symantec | norton_360 | 2.0 | |
| symantec | norton_antivirus | 2006 | |
| symantec | norton_antivirus | 2007 | |
References
- http://osvdb.org/62412
- http://secunia.com/advisories/38654
- http://www.securityfocus.com/archive/1/509717/100/0/threaded
- http://www.securityfocus.com/bid/38217
- http://www.securitytracker.com/id?1023628
- http://www.securitytracker.com/id?1023629
- http://www.securitytracker.com/id?1023630
- http://www.securitytracker.com/id?1023631
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
- http://www.vupen.com/english/advisories/2010/0411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56357
- http://osvdb.org/62412
- http://secunia.com/advisories/38654
- http://www.securityfocus.com/archive/1/509717/100/0/threaded
- http://www.securityfocus.com/bid/38217
- http://www.securitytracker.com/id?1023628
- http://www.securitytracker.com/id?1023629
- http://www.securitytracker.com/id?1023630
- http://www.securitytracker.com/id?1023631
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
- http://www.vupen.com/english/advisories/2010/0411
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56357
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.