CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
21.6%
Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share.
Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus “Auto-Protect” module provides automatic file scanning and detection of viruses, Trojans, and worms. The Auto-Protect module includes a feature called “SmartScan” which, as an alternative to scanning all file types, only scans specifically targeted file types and extensions. A flaw in the SmartScan feature is triggered when a file residing on a network share is renamed that may cause excessive CPU consumption and an eventual system hang or crash as a result.
A local authenticated user may be able to cause the system to crash or hang by renaming a file residing on a network share.
Apply an update
Symantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. Symantec advisory SYM05-006 provides details on obtaining updates through LiveUpdate or other channels.
713620
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: March 30, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Symantec advisory SYM05-006 provides details on the vulnerability and available updates to correct the flaw.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23713620 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.
This document was written by Ken MacInnis.
CVE IDs: | CVE-2005-0923 |
---|---|
Severity Metric: | 4.05 Date Public: |