6 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud, and Endpoint Protection Cloud Client due to a DLL-preloading without path restrictions, which could let a local malicious user obtain system privileges. Se presenta una vulnerabilidad de escalada de privilegios en Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security with Backup, Norton Internet Security, Norton 360, Endpoint Protection Small Business Edition Cloud y Endpoint Protection Cloud Client, debido a una precarga de DLL sin restricciones de ruta, que podría permitir a un usuario malicioso local obtener privilegios system. • http://www.securityfocus.com/bid/94295 http://www.securitytracker.com/id/1037323 http://www.securitytracker.com/id/1037324 http://www.securitytracker.com/id/1037325 https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161117_00 • CWE-427: Uncontrolled Search Path Element •

CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site." Desbordamiento de búfer en el control ActiveX (SYMLTCOM.dll) en Symantec N360 v1.0 y v2.0; Norton Internet Security, AntiVirus, SystemWorks, y Confidential 2006 through 2008; y Symantec Client Security v3.0.x anteriores a v3.1 MR9, y v3.1.x anteriores a MR9; permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de vectores desconocidos. NOTA: Esto solo es una vulnerabilidad si el atacante puede actuar como si fuese un sitio autorizado. • http://osvdb.org/62412 http://secunia.com/advisories/38654 http://www.securityfocus.com/archive/1/509717/100/0/threaded http://www.securityfocus.com/bid/38217 http://www.securitytracker.com/id?1023628 http://www.securitytracker.com/id?1023629 http://www.securitytracker.com/id?1023630 http://www.securitytracker.com/id?1023631 http://www.symantec.com/security_response/securityupdates/detail.jsp? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 1%CPEs: 26EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors." Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en ccLgView.exe en Symantec Log Viewer, utilizado en Symantec AntiVirus (SAV), anterior a v10.1 MR8, Symantec Endpoint Protection (SEP) v11.0 anteriores a v11.0 MR1, Norton 360 v1.0, y Norton Internet Security 2005 hasta 2008, permite a atacantes remotos inyectar HTML o scripts web arbitrarios a su elección a través de un mensaje de correo electrónico elaborado ,relacionadas con "dos errores de análisis sintáctico." • http://osvdb.org/54132 http://secunia.com/advisories/34936 http://www.securityfocus.com/bid/34669 http://www.securitytracker.com/id?1022133 http://www.securitytracker.com/id?1022134 http://www.securitytracker.com/id?1022135 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01 http://www.vupen.com/english/advisories/2009/1203 https://exchange.xforce.ibmcloud.com/vulnerabilities/50170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 32%CPEs: 10EXPL: 0

The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share. El método ActiveDataInfo.LaunchProcess en el control ActiveX 2.7.0.1 SymAData.ActiveDataInfo.1 en SYMADATA.DLL sobre múltiples productos Symantec Norton incluyendo Norton 360 1.0, AntiVirus 2006 al 2008, Internet Security 2006 al 2008, y System Works 2006 al 2008, no es capaz de determinar correctamente la ubicación de AutoFix Tool, lo que permite a atacantes remotos ejecutar código de su elección a través de un recurso compartido del tipo (1) WebDAV o (2) SMB. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678 http://secunia.com/advisories/29660 http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html http://www.securityfocus.com/bid/28509 http://www.securitytracker.com/id?1019751 http://www.securitytracker.com/id?1019752 http://www.securitytracker.com/id?1019753 http://www.vupen.com/english/advisories/2008/1077/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41631 •

CVSS: 9.3EPSS: 6%CPEs: 11EXPL: 0

Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en el AutoFix Support Tool ActiveX control 2.7.0.1 en SYMADATA.DLL de múltiples productos de Symantec Norton, incluyendo Norton 360 1.0, AntiVirus 2006 hasta 2008, Internet Security 2006 hasta 2008, y System Works 2006 hasta 2008; permite a atacantes remotos ejecutar código de su elección mediante un argumento largo al método GetEventLogInfo. NOTA: Algunos de estos detalles se han obtenido de información de terceros. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677 http://secunia.com/advisories/29660 http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html http://www.securityfocus.com/bid/28507 http://www.securitytracker.com/id?1019751 http://www.securitytracker.com/id?1019752 http://www.securitytracker.com/id?1019753 http://www.vupen.com/english/advisories/2008/1077/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41629 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •