[email protected]CVE-2010-0107

HistoryFeb 23, 2010 - 8:30 p.m.

CVE-2010-0107

2010-02-2320:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2010-0107

buffer overflow

symantec

n360

internet security

antivirus

systemworks

confidential

symantec client security

activex control

symltcom.dll

denial of service

remote code execution

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

90.1%

JSON

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can “masquerade as an authorized site.”

CPENameOperatorVersion
symantec:client_securitysymantec client securityeq3.0
symantec:client_securitysymantec client securityeq3.0.1.1009
symantec:norton_internet_securitysymantec norton internet securityeq2008
symantec:norton_360symantec norton 360eq2.0
symantec:client_securitysymantec client securityeq3.0.2.2020
symantec:norton_antivirussymantec norton antiviruseq2008
symantec:client_securitysymantec client securityeq3.0.2.2021
symantec:norton_internet_securitysymantec norton internet securityeq2007
symantec:norton_antivirussymantec norton antiviruseq2007
symantec:client_securitysymantec client securityeq3.0.1.1000

CPE	Name	Operator	Version
symantec:client_security	symantec client security	eq	3.0
symantec:client_security	symantec client security	eq	3.0.1.1009
symantec:norton_internet_security	symantec norton internet security	eq	2008
symantec:norton_360	symantec norton 360	eq	2.0
symantec:client_security	symantec client security	eq	3.0.2.2020
symantec:norton_antivirus	symantec norton antivirus	eq	2008
symantec:client_security	symantec client security	eq	3.0.2.2021
symantec:norton_internet_security	symantec norton internet security	eq	2007
symantec:norton_antivirus	symantec norton antivirus	eq	2007
symantec:client_security	symantec client security	eq	3.0.1.1000

Rows per page:

1-10 of 281

References

osvdb.org/62412

secunia.com/advisories/38654

www.securityfocus.com/archive/1/509717/100/0/threaded

www.securityfocus.com/bid/38217

www.securitytracker.com/id?1023628

www.securitytracker.com/id?1023629

www.securitytracker.com/id?1023630

www.securitytracker.com/id?1023631

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01

www.vupen.com/english/advisories/2010/0411

exchange.xforce.ibmcloud.com/vulnerabilities/56357

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.025 Low

EPSS

Percentile

90.1%

JSON

Related for CVE-2010-0107

prion1 securityvulns2 nessus1