Symantec

Antivirus Scan Engine

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.3

CVE-2007-0447

  • EPSS 10.84%
  • Veröffentlicht 05.10.2007 21:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.

9.3

CVE-2007-3699

  • EPSS 2.38%
  • Veröffentlicht 05.10.2007 21:17:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

10

CVE-2006-0230

Exploit
  • EPSS 32.69%
  • Veröffentlicht 25.04.2006 01:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

6.4

CVE-2006-0231

  • EPSS 0.69%
  • Veröffentlicht 25.04.2006 01:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

5

CVE-2006-0232

Exploit
  • EPSS 0.88%
  • Veröffentlicht 25.04.2006 01:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct request...

5.1

CVE-2005-3217

  • EPSS 0.38%
  • Veröffentlicht 14.10.2005 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be open...

10

CVE-2005-2758

  • EPSS 22.57%
  • Veröffentlicht 05.10.2005 19:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.

2.6

CVE-2005-1346

  • EPSS 0.71%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4...

7.5

CVE-2005-0249

  • EPSS 10.6%
  • Veröffentlicht 08.02.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

7

CVE-2004-0217

Exploit
  • EPSS 0.13%
  • Veröffentlicht 15.04.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.