CVE-2008-0312

Sažetak

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.

Reference

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
http://secunia.com/advisories/29660
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
http://www.securityfocus.com/bid/28507
http://www.securitytracker.com/id?1019751
http://www.securitytracker.com/id?1019752
http://www.securitytracker.com/id?1019753
http://www.vupen.com/english/advisories/2008/1077/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41629

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2017 - 01:29

Objavljeno

08-04-2008 - 17:05