Symantec Norton AntiVirus vulnerable to DoS via the "Auto-Protect" module
2005-03-30T00:00:00
ID VU:146020 Type cert Reporter CERT Modified 2005-03-30T00:00:00
Description
Overview
Symantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files.
Description
Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic file scanning and detection of viruses, Trojans, and worms. However, the Auto-Protect module may hang when scanning certain file types.
Impact
A user may be able to cause the system to crash or hang by introducing a certain file type to the system. The user may introduce the file by downloading it, copying it, or receiving it in electronic mail, for example. Electronic mail and similar file introduction vectors may allow a remote attacker to exploit this flaw with a minimum of local user interaction.
Solution
Apply an update
Symantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. Symantec advisory SYM05-006 provides details on obtaining updates through LiveUpdate or other channels.
Systems Affected
Vendor| Status| Date Notified| Date Updated
---|---|---|---
Symantec Corporation| | -| 30 Mar 2005
If you are a vendor and your product is affected, let us know.
{"id": "VU:146020", "bulletinFamily": "info", "title": "Symantec Norton AntiVirus vulnerable to DoS via the \"Auto-Protect\" module", "description": "### Overview\n\nSymantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files.\n\n### Description\n\nSymantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus \"Auto-Protect\" module provides automatic file scanning and detection of viruses, Trojans, and worms. However, the Auto-Protect module may hang when scanning certain file types. \n \n--- \n \n### Impact\n\nA user may be able to cause the system to crash or hang by introducing a certain file type to the system. The user may introduce the file by downloading it, copying it, or receiving it in electronic mail, for example. Electronic mail and similar file introduction vectors may allow a remote attacker to exploit this flaw with a minimum of local user interaction. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nSymantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. [Symantec advisory SYM05-006](<http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html>) provides details on obtaining updates through LiveUpdate or other channels. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nSymantec Corporation| | -| 30 Mar 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23146020 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html>\n * <http://secunia.com/advisories/14741/>\n * <http://www.securityfocus.com/bid/12923>\n * <http://www.securitytracker.com/alerts/2005/Mar/1013587>\n\n### Credit\n\nThanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n * CVE IDs: [CAN-2005-0922](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0922>)\n * Date Public: 28 Mar 2005\n * Date First Published: 30 Mar 2005\n * Date Last Updated: 30 Mar 2005\n * Severity Metric: 4.50\n * Document Revision: 8\n\n", "published": "2005-03-30T00:00:00", "modified": "2005-03-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/146020", "reporter": "CERT", "references": ["http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://www.securityfocus.com/bid/12923", "http://www.securitytracker.com/alerts/2005/Mar/1013587", "http://secunia.com/advisories/14741/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0922"], "cvelist": ["CVE-2005-0922", "CVE-2005-0922"], "type": "cert", "lastseen": "2018-08-31T02:36:58", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2005-0922", "CVE-2005-0922"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "### Overview\n\nSymantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files.\n\n### Description\n\nSymantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus \"Auto-Protect\" module provides automatic file scanning and detection of viruses, Trojans, and worms. However, the Auto-Protect module may hang when scanning certain file types. \n \n--- \n \n### Impact\n\nA user may be able to cause the system to crash or hang by introducing a certain file type to the system. The user may introduce the file by downloading it, copying it, or receiving it in electronic mail, for example. Electronic mail and similar file introduction vectors may allow a remote attacker to exploit this flaw with a minimum of local user interaction. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nSymantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. [Symantec advisory SYM05-006](<http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html>) provides details on obtaining updates through LiveUpdate or other channels. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nSymantec Corporation| | -| 30 Mar 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23146020 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html>\n * <http://secunia.com/advisories/14741/>\n * <http://www.securityfocus.com/bid/12923>\n * <http://www.securitytracker.com/alerts/2005/Mar/1013587>\n\n### Credit\n\nThanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n * CVE IDs: [CAN-2005-0922](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0922>)\n * Date Public: 28 Mar 2005\n * Date First Published: 30 Mar 2005\n * Date Last Updated: 30 Mar 2005\n * Severity Metric: 4.50\n * Document Revision: 8\n\n", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "021c8521d38bc8c58a61af3aa890160974a6c0a2f9c128046ab0840b71c65c76", "hashmap": [{"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "686e477a4684c90b7c321316e81e02d5", "key": "title"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "6f011dfeef88e3c5e3b4e9e2b051bb0f", "key": "published"}, {"hash": "6f011dfeef88e3c5e3b4e9e2b051bb0f", "key": "modified"}, {"hash": "ca62f274b299a95d100b5006d35176e6", "key": "references"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "15131e982a425dd0f75f5251bee03925", "key": "description"}, {"hash": "acc4f2a0d80bc4b15132df4b94a3deb9", "key": "href"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}, {"hash": "3e646632cec14a79171293557a689c06", "key": "cvelist"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/146020", "id": "VU:146020", "lastseen": "2018-08-30T20:37:09", "modified": "2005-03-30T00:00:00", "objectVersion": "1.3", "published": "2005-03-30T00:00:00", "references": ["http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://www.securityfocus.com/bid/12923", "http://www.securitytracker.com/alerts/2005/Mar/1013587", "http://secunia.com/advisories/14741/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0922"], "reporter": "CERT", "title": "Symantec Norton AntiVirus vulnerable to DoS via the \"Auto-Protect\" module", "type": "cert", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-08-30T20:37:09"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2005-0922", "CVE-2005-0922"], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "description": "### Overview\n\nSymantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files.\n\n### Description\n\nSymantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus \"Auto-Protect\" module provides automatic file scanning and detection of viruses, Trojans, and worms. However, the Auto-Protect module may hang when scanning certain file types. \n \n--- \n \n### Impact\n\nA user may be able to cause the system to crash or hang by introducing a certain file type to the system. The user may introduce the file by downloading it, copying it, or receiving it in electronic mail, for example. Electronic mail and similar file introduction vectors may allow a remote attacker to exploit this flaw with a minimum of local user interaction. \n \n--- \n \n### Solution\n\n**Apply an update**\n\nSymantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. [Symantec advisory SYM05-006](<http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html>) provides details on obtaining updates through LiveUpdate or other channels. \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nSymantec Corporation| | -| 30 Mar 2005 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23146020 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html>\n * <http://secunia.com/advisories/14741/>\n * <http://www.securityfocus.com/bid/12923>\n * <http://www.securitytracker.com/alerts/2005/Mar/1013587>\n\n### Credit\n\nThanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.\n\nThis document was written by Ken MacInnis.\n\n### Other Information\n\n * CVE IDs: [CAN-2005-0922](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0922>)\n * Date Public: 28 Mar 2005\n * Date First Published: 30 Mar 2005\n * Date Last Updated: 30 Mar 2005\n * Severity Metric: 4.50\n * Document Revision: 8\n\n", "edition": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "baa431467ec3e6bb467f76aa6b961f11537dfeccbafbb9b3235123aea052a24e", "hashmap": [{"hash": "b6ba9fa6ea18201bf39ea635ecca9f13", "key": "type"}, {"hash": "686e477a4684c90b7c321316e81e02d5", "key": "title"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "6f011dfeef88e3c5e3b4e9e2b051bb0f", "key": "published"}, {"hash": "6f011dfeef88e3c5e3b4e9e2b051bb0f", "key": "modified"}, {"hash": "ca62f274b299a95d100b5006d35176e6", "key": "references"}, {"hash": "15131e982a425dd0f75f5251bee03925", "key": "description"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "acc4f2a0d80bc4b15132df4b94a3deb9", "key": "href"}, {"hash": "5d2cfab83ed6e86a4812690790dc7ad5", "key": "reporter"}, {"hash": "3e646632cec14a79171293557a689c06", "key": "cvelist"}], "history": [], "href": "https://www.kb.cert.org/vuls/id/146020", "id": "VU:146020", "lastseen": "2016-02-03T09:12:18", "modified": "2005-03-30T00:00:00", "objectVersion": "1.2", "published": "2005-03-30T00:00:00", "references": ["http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://www.securityfocus.com/bid/12923", "http://www.securitytracker.com/alerts/2005/Mar/1013587", "http://secunia.com/advisories/14741/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CAN-2005-0922"], "reporter": "CERT", "title": "Symantec Norton AntiVirus vulnerable to DoS via the \"Auto-Protect\" module", "type": "cert", "viewCount": 0}, "differentElements": ["cvss"], "edition": 1, "lastseen": "2016-02-03T09:12:18"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "3e646632cec14a79171293557a689c06"}, {"key": "cvss", "hash": "84813b1457b92d6ba1174abffbb83a2f"}, {"key": "description", "hash": "15131e982a425dd0f75f5251bee03925"}, {"key": "href", "hash": "acc4f2a0d80bc4b15132df4b94a3deb9"}, {"key": "modified", "hash": "6f011dfeef88e3c5e3b4e9e2b051bb0f"}, {"key": "published", "hash": "6f011dfeef88e3c5e3b4e9e2b051bb0f"}, {"key": "references", "hash": "ca62f274b299a95d100b5006d35176e6"}, {"key": "reporter", "hash": "5d2cfab83ed6e86a4812690790dc7ad5"}, {"key": "title", "hash": "686e477a4684c90b7c321316e81e02d5"}, {"key": "type", "hash": "b6ba9fa6ea18201bf39ea635ecca9f13"}], "hash": "baa431467ec3e6bb467f76aa6b961f11537dfeccbafbb9b3235123aea052a24e", "viewCount": 0, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "vulnersScore": 2.1}, "objectVersion": "1.3"}
{"cve": [{"lastseen": "2016-09-03T05:15:46", "references": ["http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html", "http://securitytracker.com/id?1013586", "http://www.kb.cert.org/vuls/id/146020", "http://www.securityfocus.com/bid/12923", "http://securitytracker.com/id?1013585", "http://securitytracker.com/id?1013587"], "description": "Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.", "edition": 1, "reporter": "NVD", "published": "2005-05-02T00:00:00", "title": "CVE-2005-0922", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T05:15:46", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-0922"], "scanner": [], "cpe": ["cpe:/a:symantec:norton_antivirus:2.1::ms_exchange", "cpe:/a:symantec:norton_internet_security:2004::professional", "cpe:/a:symantec:norton_antivirus:2005", "cpe:/a:symantec:norton_system_works:2005_premier", "cpe:/a:symantec:norton_internet_security:2005", "cpe:/a:symantec:norton_system_works:2004_professional"], "modified": "2008-09-05T16:47:41", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0922", "id": "CVE-2005-0922", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
