CVE-2007-3021

Sažetak

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

Reference

http://osvdb.org/36109
http://secunia.com/advisories/25543
http://www.securityfocus.com/bid/24313
http://www.securitytracker.com/id?1018196
http://www.symantec.com/avcenter/security/Content/2007.06.05a.html
http://www.vupen.com/english/advisories/2007/2074
https://exchange.xforce.ibmcloud.com/vulnerabilities/34744

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2017 - 01:31

Objavljeno

05-06-2007 - 21:30