Symantec CIDS Driver PE File Memory Corruption Vulnerability

Symantec Client Intrusion Detection System is a client-side intrusion detection system. A memory corruption vulnerability exists in the Symantec Client Intrusion Detection System CIDS driver in the CIDS engine driver when processing constructed PE files. This could result in malicious code being...

Symantec Client Firewall Products 5 SYMNDIS.SYS Driver Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9912/info Symantec Client Firewall has been reported to be prone to a remote denial of service vulnerability. The issue is reported to present itself in the TCP packet processing routines of the affected software. It is...

Symantec Multiple Products Client Proxy ActiveX (CLIproxy.dll) Remote Overflow

No description provided by source. source: http://www.securityfocus.com/bid/38222/info The Symantec Client Proxy ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successful exploits allow remote...

CVE-2010-0107

Buffer overflow in an ActiveX control SYMLTCOM.dll in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service cras...

CVE-2010-0107

VUPEN and security docs confirm a buffer overflow in SYMLTCOM.dll (ActiveX) affecting Symantec/Norton products across N360 1.0–2.0, Norton Internet Security, AntiVirus, SystemWorks and Confidential 2006–2008, and Symantec Client Security 3.0.x before 3.1 MR9 and 3.1.x before MR9. The overflow occ...

Symantec Client Proxy ActiveX控件缓冲区溢出漏洞

BUGTRAQ ID: 38222 CVE ID: CVE-2010-0108 Symantec Client Security是集成了反病毒和防火墙的个人终端安全产品，Client Proxy是其中的一个组件。 Client Proxy的ActiveX控件实现上存在缓冲溢出漏洞，远程攻击者可能利用此漏洞通过诱使用户访问恶意网页在用户系统上执行任意指令，从而最终控制用户系统。 Symantec Client Security 3.1.x Symantec Client Security 3.0.x Symantec AntiVirus 10.2.x Symantec AntiVirus...

Symantec (Multiple Products) - Client Proxy ActiveX CLIproxy.dll Remote Overflow

Symantec Multiple Products - Client Proxy ActiveX CLIproxy.dll Remote Overflow source: https://www.securityfocus.com/bid/38222/info The Symantec Client Proxy ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on...

Symantec (Multiple Products) - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow

source: https://www.securityfocus.com/bid/38222/info The Symantec Client Proxy ActiveX control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Successful exploits allow remote attackers to execute arbitrary code ...

Stack overflow

Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 AMS2, as used in Symantec System Center SSS; Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus SAV Corporate Edition 9 before 9.0...

CVE-2009-1430

Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 AMS2, as used in Symantec System Center SSS; Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus SAV Corporate Edition 9 before 9.0...

Symantec Reporting Server Improper URL Handling Exposure

SUMMARY The login web page in some versions of Symantec Reporting Server contains a URL handling error which could potentially allow an attacker to launch a phishing attack. AFFECTED PRODUCTS Product | Affected Version | Solution ---|---|--- Symantec AntiVirus Corporate Edition | 10.1 MR7 and...

Symantec Client Security Internet E-mail Auto-Protect Stack Overflow

SUMMARY A stack overflow in Symantec Anti-Virus Corporate Editions Internet Email Auto-Protect feature could potentially crash the Internet Email scanning feature. Severity Low Remote Access | No ---|--- Local Access | Yes Authentication Required | Yes Exploit publicly available | No AFFECTED...

Symantec Reporting Server Elevation of Privilege

SUMMARY Files created by Reporting Server may be accessible to an unauthorized user. Risk Impact Medium Remote Access | Yes ---|--- Local Access | Yes Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Product | Affected Version | Updated Version | Solution...

Symantec Device Driver Elevation of Privilege

SUMMARY Symantec was notified of a vulnerability in a device driver which, if successfully exploited, could allow a local attacker to execute arbitrary code with elevated privileges or to crash the system. Risk Impact Medium Remote | No ---|--- Local | Yes Authentication Required | Yes Exploit...

CVE-2006-4855

The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1,...

Symantec Remote Management Buffer Overflow

This module exploits a stack buffer overflow in Symantec Client Security 3.0.x. This module has only been tested against Symantec Client Security 3.0.2 build 10.0.2.2000. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewor...

Symantec real-time scan service buffer overflow

Added: 06/13/2006 CVE: CVE-2006-2630 BID: 18107 OSVDB: 25846 Background Various Symantec products include a real-time virus scan service. Problem A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands. Resolution Apply patch SYM06-010. Referenc...

Symantec real-time scan service buffer overflow

Added: 06/13/2006 CVE: CVE-2006-2630 BID: 18107 OSVDB: 25846 Background Various Symantec products include a real-time virus scan service. Problem A buffer overflow in the real-time virus scan service allows remote attackers to execute arbitrary commands. Resolution Apply patch SYM06-010. Referenc...

Symantec Antivirus / Symantec Client Security privilege escalation

With help subsystem it's possible to execute code with LocalSystem privileges...

Symantec AntiVirus Corporate Edition 9.0 and Symantec Client Security 2.0 Help File Elevation of Pri

SUMMARY The Symantec AntiVirus Corporate Edition HTML client help function uses HTML help, the Windows help interface, to provide support to the client user. A non-privileged client user can manipulate the help function to access files on the system with local SYSTEM privileges. Risk Impact Mediu...