PT-2008-1952 · Symantec · Symantec System Works+3
Published: 2008-04-08 · Updated: 2017-08-08 · CVE-2008-0312
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Symantec Norton 360 version 1.0
Symantec AntiVirus versions 2006 through 2008
Symantec Internet Security versions 2006 through 2008
Symantec System Works versions 2006 through 2008
Description
The issue is a stack-based buffer overflow in the AutoFix Support Tool ActiveX control. This allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.
Recommendations
For Symantec Norton 360 version 1.0, update to a newer version to mitigate the risk.
For Symantec AntiVirus versions 2006 through 2008, consider disabling the AutoFix Support Tool ActiveX control until a patch is available.
For Symantec Internet Security versions 2006 through 2008, restrict access to the GetEventLogInfo method to minimize the risk of exploitation.
For Symantec System Works versions 2006 through 2008, avoid using the AutoFix Support Tool ActiveX control until the issue is resolved.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Symantec Antivirus
Symantec Internet Security
Symantec Norton 360
Symantec System Works