CVE-2010-0107

Description

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."

Affected products

• Symantec / client_security3.0 – 3.0
• Symantec / client_security3.0.1.1000 – 3.0.1.1000
• Symantec / client_security3.0.1.1001 – 3.0.1.1001
• Symantec / client_security3.0.1.1007 – 3.0.1.1007
• Symantec / client_security3.0.1.1008 – 3.0.1.1008
• Symantec / client_security3.0.1.1009 – 3.0.1.1009
• Symantec / client_security3.0.2 – 3.0.2
• Symantec / client_security3.0.2.2000 – 3.0.2.2000
• Symantec / client_security3.0.2.2001 – 3.0.2.2001
• Symantec / client_security3.0.2.2002 – 3.0.2.2002
• Symantec / client_security3.0.2.2010 – 3.0.2.2010
• Symantec / client_security3.0.2.2011 – 3.0.2.2011
• Symantec / client_security3.0.2.2020 – 3.0.2.2020
• Symantec / client_security3.0.2.2021 – 3.0.2.2021
• Symantec / client_security3.1 – 3.1
• Symantec / client_security3.1 – 3.1
• Symantec / client_security3.1 – 3.1
• Symantec / client_security3.1 – 3.1
• Symantec / client_security3.1.0.396 – 3.1.0.396
• Symantec / client_security3.1.0.401 – 3.1.0.401
• Symantec / client_security3.1.396 – 3.1.396
• Symantec / client_security3.1.400 – 3.1.400
• Symantec / client_security3.1.401 – 3.1.401
• Symantec / norton_3601.0 – 1.0
• Symantec / norton_3602.0 – 2.0
• Symantec / norton_antivirus2006 – 2006
• Symantec / norton_antivirus2007 – 2007
• Symantec / norton_antivirus2008 – 2008
• Symantec / norton_internet_security2006 – 2006
• Symantec / norton_internet_security2007 – 2007
• Symantec / norton_internet_security2008 – 2008

References

• MISChttp://osvdb.org/62412
• MISChttp://www.securityfocus.com/archive/1/509717/100/0/threaded
• MISChttp://www.securitytracker.com/id?1023630
• VENDOR_ADVISORYhttp://secunia.com/advisories/38654
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/56357
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0411
• MISChttp://www.securitytracker.com/id?1023631
• MISChttp://www.securityfocus.com/bid/38217
• MISChttp://www.securitytracker.com/id?1023628
• MISChttp://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
• MISChttp://www.securitytracker.com/id?1023629