PT-2008-1952 · Symantec · Symantec System Works+3
Publicado
2008-04-08
·
Atualizado
2017-08-08
·
CVE-2008-0312
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Symantec Norton 360 version 1.0
Symantec AntiVirus versions 2006 through 2008
Symantec Internet Security versions 2006 through 2008
Symantec System Works versions 2006 through 2008
Description
The issue is a stack-based buffer overflow in the AutoFix Support Tool ActiveX control. This allows remote attackers to execute arbitrary code via a long argument to the
GetEventLogInfo method.Recommendations
For Symantec Norton 360 version 1.0, update to a newer version to mitigate the risk.
For Symantec AntiVirus versions 2006 through 2008, consider disabling the AutoFix Support Tool ActiveX control until a patch is available.
For Symantec Internet Security versions 2006 through 2008, restrict access to the
GetEventLogInfo method to minimize the risk of exploitation.
For Symantec System Works versions 2006 through 2008, avoid using the AutoFix Support Tool ActiveX control until the issue is resolved.Correção
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Symantec Antivirus
Symantec Internet Security
Symantec Norton 360
Symantec System Works