Lucene search

MitreCVE-2008-0312

HistoryApr 08, 2008 - 5:05 p.m.

CVE-2008-0312

2008-04-0817:05:00

CWE-119

mitre

web.nvd.nist.gov

cve-2008-0312

buffer overflow

autofix support tool

activex control

symantec norton

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.062

Percentile

93.7%

JSON

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

microsoftwindows

AND

symantecnorton_360Match1.0

symantecnorton_antivirusMatch2006

symantecnorton_antivirusMatch2007

symantecnorton_antivirusMatch2008

symantecnorton_internet_securityMatch2006

symantecnorton_internet_securityMatch2007

symantecnorton_internet_securityMatch2008

symantecnorton_system_worksMatch2006

symantecnorton_system_worksMatch2007

symantecnorton_system_worksMatch2008

VendorProductVersionCPE
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
symantecnorton_3601.0cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*
symantecnorton_antivirus2006cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
symantecnorton_antivirus2007cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
symantecnorton_antivirus2008cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
symantecnorton_internet_security2006cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
symantecnorton_internet_security2007cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
symantecnorton_internet_security2008cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*
symantecnorton_system_works2006cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*
symantecnorton_system_works2007cpe:2.3:a:symantec:norton_system_works:2007:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::
symantec	norton_360	1.0	cpe:2.3:a:symantec:norton_360:1.0:::::::*
symantec	norton_antivirus	2006	cpe:2.3:a:symantec:norton_antivirus:2006:::::::*
symantec	norton_antivirus	2007	cpe:2.3:a:symantec:norton_antivirus:2007:::::::*
symantec	norton_antivirus	2008	cpe:2.3:a:symantec:norton_antivirus:2008:::::::*
symantec	norton_internet_security	2006	cpe:2.3:a:symantec:norton_internet_security:2006:::::::*
symantec	norton_internet_security	2007	cpe:2.3:a:symantec:norton_internet_security:2007:::::::*
symantec	norton_internet_security	2008	cpe:2.3:a:symantec:norton_internet_security:2008:::::::*
symantec	norton_system_works	2006	cpe:2.3:a:symantec:norton_system_works:2006:::::::*
symantec	norton_system_works	2007	cpe:2.3:a:symantec:norton_system_works:2007:::::::*

Rows per page:

1-10 of 111

References

labs.idefense.com/intelligence/vulnerabilities/display.php?id=677

secunia.com/advisories/29660

securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html

www.securityfocus.com/bid/28507

www.securitytracker.com/id?1019751

www.securitytracker.com/id?1019752

www.securitytracker.com/id?1019753

www.vupen.com/english/advisories/2008/1077/references

exchange.xforce.ibmcloud.com/vulnerabilities/41629

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.062

Percentile

93.7%

JSON

Related for CVE-2008-0312