CVE-2010-0108

EPSS 13.17%
Published 19.02.2010 17:30:00
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.

Affected products Warnungen 0 Metrics 2 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Antivirus Version10.0

Symantec ≫ Antivirus Version10.0.1

Symantec ≫ Antivirus Version10.0.1.1

Symantec ≫ Antivirus Version10.0.2

Symantec ≫ Antivirus Version10.0.2.1

Symantec ≫ Antivirus Version10.0.2.2

Symantec ≫ Antivirus Version10.0.3

Symantec ≫ Antivirus Version10.0.4

Symantec ≫ Antivirus Version10.0.5

Symantec ≫ Antivirus Version10.0.6

Symantec ≫ Antivirus Version10.0.7

Symantec ≫ Antivirus Version10.0.8

Symantec ≫ Antivirus Version10.0.9

Symantec ≫ Antivirus Version10.1

Symantec ≫ Antivirus Version10.1 Editioncorporate

Symantec ≫ Antivirus Version10.1 Updatemp1 Editioncorporate

Symantec ≫ Antivirus Version10.1 Updatemr4 Editioncorporate

Symantec ≫ Antivirus Version10.1 Updatemr5 Editioncorporate

Symantec ≫ Antivirus Version10.1 Updatemr7 Editioncorporate

Symantec ≫ Antivirus Version10.1.0.1 Editioncorporate

Symantec ≫ Antivirus Version10.1.4 Editioncorporate

Symantec ≫ Antivirus Version10.1.4.1 Editioncorporate

Symantec ≫ Antivirus Version10.1.5 Editioncorporate

Symantec ≫ Antivirus Version10.1.5.1 Editioncorporate

Symantec ≫ Antivirus Version10.1.6 Editioncorporate

Symantec ≫ Antivirus Version10.1.6.1 Editioncorporate

Symantec ≫ Antivirus Version10.1.7 Editioncorporate

Symantec ≫ Antivirus Version10.2 Editioncorporate

Symantec ≫ Antivirus Version10.2 Updatemr2 Editioncorporate

Symantec ≫ Antivirus Version10.2 Updatemr3 Editioncorporate

Symantec ≫ Client Security Version3.0

Symantec ≫ Client Security Version3.0 Updatemr1

Symantec ≫ Client Security Version3.0 Updatemr2

Symantec ≫ Client Security Version3.0.0.359

Symantec ≫ Client Security Version3.0.1.1000

Symantec ≫ Client Security Version3.0.1.1007

Symantec ≫ Client Security Version3.0.1.1008

Symantec ≫ Client Security Version3.0.2

Symantec ≫ Client Security Version3.0.2.2000

Symantec ≫ Client Security Version3.0.2.2001

Symantec ≫ Client Security Version3.0.2.2010

Symantec ≫ Client Security Version3.0.2.2011

Symantec ≫ Client Security Version3.0.2.2020

Symantec ≫ Client Security Version3.0.2.2021

Symantec ≫ Client Security Version3.1

Symantec ≫ Client Security Version3.1 Updatemr4

Symantec ≫ Client Security Version3.1 Updatemr5

Symantec ≫ Client Security Version3.1 Updatemr7

Symantec ≫ Client Security Version3.1.0.396

Symantec ≫ Client Security Version3.1.0.401

Symantec ≫ Client Security Version3.1.394

Symantec ≫ Client Security Version3.1.400

Symantec ≫ Client Security Version3.1.401

Symantec ≫ Endpoint Protection Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.17%	0.939

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://dsecrg.com/pages/vul/show.php?id=139

http://secunia.com/advisories/38651

Vendor Advisory

http://www.securityfocus.com/archive/1/509681/100/0/threaded

http://www.securityfocus.com/bid/38222

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02

http://www.vupen.com/english/advisories/2010/0412

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/56355

https://nvd.nist.gov/vuln/detail/CVE-2010-0108

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-0108

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-0108

EUVD