CVE-2008-0309

EPSS 5.16%
Published 28.02.2008 20:44:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Scan Engine Version <= 5.1.4.24

Symantec ≫ Symantec Antivirus Filtering Domino Mpe Editionaix Version <= 3.0.12

Symantec ≫ Symantec Antivirus Filtering Domino Mpe Editionlinux Version <= 3.0.12

Symantec ≫ Symantec Antivirus Filtering Domino Mpe Editionsolaris Version <= 3.0.12

Symantec ≫ Symantec Antivirus Network Attached Storage Version <= 4.3.16.39

Symantec ≫ Symantec Antivirus Scan Engine Version <= 4.3.16.39

Symantec ≫ Symantec Antivirus Scan Engine Caching Version <= 4.3.16.39

Symantec ≫ Symantec Antivirus Scan Engine Clearswift Version <= 4.3.16.39

Symantec ≫ Symantec Antivirus Scan Engine For Microsoft Sharepoint Version <= 4.3.16.39

Symantec ≫ Symantec Antivirus Scan Engine For Ms Isa Version <= 4.3.16.39

Symantec ≫ Symantec Antivirus Scan Engine Messaging Version <= 4.3.16.39

Symantec ≫ Symantec Mail Security For Microsoft Exchange Version <= 4.6.5.12

Symantec ≫ Symantec Mail Security For Microsoft Exchange Version <= 5.0.4.363

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.16%	0.889

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/29140

Vendor Advisory

http://www.securitytracker.com/id?1019503

http://www.symantec.com/avcenter/security/Content/2008.02.27.html

http://www.vupen.com/english/advisories/2008/0680

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667

http://www.securityfocus.com/bid/27913

https://nvd.nist.gov/vuln/detail/CVE-2008-0309

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-0309

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-0309

EUVD