CVSS: 9.8EPSS: 10%CPEs: 168EXPL: 0CVE-2007-0447 – Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0447
12 Jul 2007 — Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. Desbordamiento de búfer basado en pila en el componente Decomposer en múltiples producto Symantec que permiten a atacantes remotos ejecutar código de su elección a través de archivos .CAB manipulados. This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. U... • http://osvdb.org/36118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 2CVE-2007-1793 – Symantec (Multiple Products) - 'SPBBCDrv' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-1793
02 Apr 2007 — SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. El archivo SPBBCDrv.sys en Symantec... • https://www.exploit-db.com/exploits/29810 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 84EXPL: 1CVE-2007-1476 – Symantec 'SYMTDI.SYS' Device Driver - Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-1476
16 Mar 2007 — The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855. El controlador de dispositivo SymTDI (SYMTDI.SYS) en Symantec Norton Personal Firewall 2006 versión ... • https://www.exploit-db.com/exploits/29743 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 101EXPL: 2CVE-2006-4855 – Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4855
19 Sep 2006 — The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. El driver \Device\SymEvent ... • https://www.exploit-db.com/exploits/28588 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2006-3454
https://notcve.org/view.php?id=CVE-2006-3454
14 Sep 2006 — Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. Múltiples vulnerabilidades de cadenas de formato en Symantec AntiVirus Corporate Edition 8.1 hasta 10.0, y Client Security 1.x hasta 3.0, permiten a usuarios locales ejecutar código de su elección mediante cadenas de formato en (1) Protección de Alter... • http://layereddefense.com/SAV13SEPT.html •
CVSS: 10.0EPSS: 78%CPEs: 12EXPL: 1CVE-2006-2630 – Symantec Remote Management - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2630
27 May 2006 — Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. Desbordamiento de búfer basado en pila en Symantec Antivirus 10.1 y Client Security 3.1 permite a atacantes remotos ejecutar código de su elección vectores de ataque desconocidos. • https://www.exploit-db.com/exploits/16830 •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-1836
https://notcve.org/view.php?id=CVE-2006-1836
19 Apr 2006 — Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. • http://secunia.com/advisories/19682 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2005-0922
https://notcve.org/view.php?id=CVE-2005-0922
29 Mar 2005 — Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type. • http://secunia.com/advisories/14741 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2005-0923
https://notcve.org/view.php?id=CVE-2005-0923
29 Mar 2005 — The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share. • http://secunia.com/advisories/14741 •
CVSS: 8.8EPSS: 10%CPEs: 49EXPL: 0CVE-2005-0249
https://notcve.org/view.php?id=CVE-2005-0249
08 Feb 2005 — Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. • http://securitytracker.com/id?1013133 •