CVE-2012-4953
https://notcve.org/view.php?id=CVE-2012-4953
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file. El motor de descomposición en Symantec Endpoint Protection (SEP) v11.0, Symantec Endpoint Protection Small Business Edition v12.0, Symantec AntiVirus Corporate Edition (SAVCE) v10.x y Symantec Scan Engine (ESE) antes de v5.2.8 no realiza , de forma adecuada, comprobaciones sobre los límites de los contenidos de los archivos CAB, lo que permite a atacantes remotos provocar una denegación de servicio (por caída de la aplicación) o posiblemente ejecutar código de su elección a través de un archivo modificado. • http://www.kb.cert.org/vuls/id/985625 http://www.securityfocus.com/bid/56399 http://www.securitytracker.com/id?1027726 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0309
https://notcve.org/view.php?id=CVE-2008-0309
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). Vulnerabilidad de Desbordamiento de búfer basado en pila en Symantec Decomposer incluído en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP) • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667 http://secunia.com/advisories/29140 http://www.securityfocus.com/bid/27913 http://www.securitytracker.com/id?1019503 http://www.symantec.com/avcenter/security/Content/2008.02.27.html http://www.vupen.com/english/advisories/2008/0680 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0308
https://notcve.org/view.php?id=CVE-2008-0308
Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp). Symantec Decomposer, como se usa en ciertos productos antivirus Symantec incluyendo Symantec Scan Engine 5.1.2 y otras versiones antes de 5.1.6.31, permite a atacantes remotos provocar una denegación de servicio (agotamiento de memoria) a través de un archivo RAR mal formado al puerto (1344/tcp) del Internet Content Adaptation Protocol (ICAP) (Protocolo de Adaptación de Contenido de Internet). • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=666 http://secunia.com/advisories/29140 http://www.securityfocus.com/bid/27911 http://www.securitytracker.com/id?1019503 http://www.symantec.com/avcenter/security/Content/2008.02.27.html http://www.vupen.com/english/advisories/2008/0680 • CWE-399: Resource Management Errors •
CVE-2007-4277
https://notcve.org/view.php?id=CVE-2007-4277
The Trend Micro AntiVirus scan engine before 8.550-1001, as used in Trend Micro PC-Cillin Internet Security 2007, and Tmxpflt.sys 8.320.1004 and 8.500.0.1002, has weak permissions (Everyone:Write) for the \\.\Tmfilter device, which allows local users to send arbitrary content to the device via the IOCTL functionality. NOTE: this can be leveraged for privilege escalation by exploiting a buffer overflow in the handler for IOCTL 0xa0284403. La ingenieria de búsqueda de Trend Micro AntiVirus anterior a 8.550-1001, utilizada en Trend Micro PC-Cillin Internet Security 2007, y Tmxpflt.sys 8.320.1004 y 8.500.0.1002, tiene permisos débiles (TODOS:Escritura) para el dispositivo \\.\Tmfilter, lo cual permite a usuarios locales enviar contenido de su elección al dispositivo a través de la funcionalidad IOCTL. • http://esupport.trendmicro.com/support/viewxml.do?ContentID=1035793 http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036190 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=609 http://secunia.com/advisories/27378 http://securitytracker.com/id?1018863 http://www.securityfocus.com/bid/26209 http://www.vupen.com/english/advisories/2007/3627 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-4886
https://notcve.org/view.php?id=CVE-2006-4886
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition. El componente VirusScan On-Access Scan en McAfee VirusScan Enterprise 7.1.0 y Scan Engine 4.4.00 permite a usuarios locales con privilegios evitar restricciones de seguridad y desactivar la opción On-Access Scan abriendo el programa desde la barra de tareas y haciendo clic rápidamente en el botón Disable, posiblemente debido a una "race condition" relacionada con la interfaz. • http://securityreason.com/securityalert/1605 http://www.securityfocus.com/archive/1/446220/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/28971 •