7 matches found
CVE-2007-3699
CVE-2007-3699 affects the Decomposer component in multiple Symantec products, enabling remote attackers to trigger a denial of service (infinite loop) by crafting the PACK_SIZE field in a RAR header. Connected Nessus entries reiterate this as part of “Symantec Mail Security Engine/Scanner” vulner...
CVE-2007-0447
The CVE-2007-0447 entry corresponds to a heap-based buffer overflow in the Decomposer used by Symantec products (notably Symantec Antivirus Scan Engine / Mail Security for Exchange/Domino) when processing crafted CAB archives, enabling remote code execution. Connected details corroborate: a heap ...
CVE-2005-0249
Concretely affected: Symantec AntiVirus/Scan Engine DEC2EXE parsing engine (DEC2EXE.dll) used in the Symantec Antivirus Library. Issue: a heap-based buffer overflow caused by improper bounds checking when parsing UPX-compressed files, triggered by a crafted UPX file with a negative virtual offset...
CVE-2007-0563
Symantec Web Security (SWS) is affected by CVE-2007-0563 due to multiple XSS vulnerabilities in versions prior to 3.0.1.85. The flaws allow remote attackers to inject arbitrary script or HTML via unspecified vectors related to error messages and blocked page messages produced by SWS. OpenVAS and ...
CVE-2007-0564
Summary: CVE-2007-0564 affects Symantec Web Security (SWS) prior to version 3.0.1.85. The license registering interface can be abused to trigger a denial of service via submitting a large file, causing CPU consumption. Evidence/Details: The NVD entry specifies CPU consumption DoS with large file ...
CVE-2005-1346
CVE-2005-1346 affects multiple Symantec AntiVirus products running on Windows (e.g., Norton AntiVirus 2005 11.0.0; Web Security 3.0.1.72; Mail Security for SMTP 4.0.5.66; AntiVirus Scan Engine 4.3.7.27; SAV/Filter for Domino NT 3.1.1.87; Mail Security for Exchange 4.5.4.743). The vulnerability al...
CVE-2004-2755
CVE-2004-2755 describes an XSS in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62. The vulnerability allows remote attackers to inject arbitrary script or HTML via the query string of blocked URLs shown on error or block pages. The available documents confirm the affected versions and...