Информационная безопасность
[RU] switch to English


Переполнение буфера во многих антивирусных приложениях Symantec
Опубликовано:25 февраля 2010 г.
Источник:
SecurityVulns ID:10650
Тип:клиент
Уровень опасности:
8/10
Описание:Переполнение буфера при анализе содержимого. Переполнение буфера в ActiveX.
Затронутые продукты:SYMANTEC : Symantec Client Security 3.0
 SYMANTEC : Symantec Client Security 3.1
 SYMANTEC : Norton Internet Security 2006
 SYMANTEC : Norton AntiVirus 2006
 SYMANTEC : Norton SystemWorks 2006
 SYMANTEC : Norton Internet Security 2008
 SYMANTEC : Norton 360 1.0
 SYMANTEC : Norton 360 2.0
 SYMANTEC : Norton Internet Security 2007
 SYMANTEC : Norton AntiVirus 2007
 SYMANTEC : Norton AntiVirus 2008
 SYMANTEC : Norton SystemWorks 2007
 SYMANTEC : Norton SystemWorks 2008
CVE:CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.)
 CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site.")
Оригинальный текстdocumentAlexandr Polyakov, [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. (25.02.2010)
 documentVUPEN Security Research, VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability (25.02.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород