6.8

CVE-2008-0313

The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymantecNorton 360 Version1.0
SymantecNorton Antivirus Version2006
SymantecNorton Antivirus Version2007
SymantecNorton Antivirus Version2008
SymantecSystem Works Version2006
SymantecSystem Works Version2007
SymantecSystem Works Version2008
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.03% 0.893
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/29660
Patch
Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
http://www.securitytracker.com/id?1019751
http://www.securitytracker.com/id?1019752
http://www.securitytracker.com/id?1019753
http://www.vupen.com/english/advisories/2008/1077/references
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678
http://www.securityfocus.com/bid/28509
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/41631