10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
The Symantec Client Proxy integrated into older versions of Symantec AntiVirus and Symantec Client Security is vulnerable to a buffer overflow.
Product
|
Version
|
Solution(s)
β|β|β
Symantec AntiVirus
|
10.0.x
|
Upgrade to SAV 10.1 MR9
10.1.x
|
Upgrade to to MR9
10.2.x
|
Upgrade to MR4
Symantec Client Security
|
3.0.x
|
Upgrade to SCS 3.1 MR9
3.1.x
|
Upgrade to MR9
Note: Only the Symantec products indicated above shipped with these components.
Severity
Medium
Remote Access
|
Yes
β|β
Local Access
|
No
Authentication Required
|
No
Exploit publicly available
|
No
Details
Symantec was notified of an ActiveX buffer overflow in the Symantec Client Proxy, CLIproxy.dll. The issue impacts the client-side only, is done under the user account and does not lead to an escalation of privilege. It is possible to craft specific HTML webpages that pass information to proxy without proper boundary checking.
The impact of this threat requires user interaction to either click on a link directing them to the specially created html website or otherwise be exposed to said HTML in the constraints of a web browser.
Symantec Response
Symantec product engineers have released a fix for this issue in the MR9 update. Symantec recommends all customers apply the latest available update to protect against threats of this nature.
Symantec is not aware of any exploitation of or adverse customer impact from these issues.
Best Practices
As part of normal best practices, Symantec strongly recommends:
Symantec would like to thank Alexander Polyakov from DSecRG for reporting these issues and coordinating with us while Symantec resolved them.
BID: Security Focus, http://www.securityfocus.com, has assigned a Bugtraq ID (BID) 38222 to these issues for inclusion in the Security Focus vulnerability database.
CVE: These issues are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE-2010-0108 for the Client Proxy Buffer Overflow
CPE | Name | Operator | Version |
---|---|---|---|
symantec antivirus | eq | 1 | |
symantec antivirus | eq | 1 | |
symantec antivirus | eq | 1 | |
symantec antivirus | eq | 3 | |
symantec antivirus | eq | 3 |