CVE-2007-3699 – Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability
https://notcve.org/view.php?id=CVE-2007-3699
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. This vulnerability allows attackers to create a denial of service condition on software with vulnerable installations of Symantec's AntiVirus engine. Authentication is not required to exploit this vulnerability. The specific flaw resides in a forged PACK_SIZE field of a RAR file header. By setting this field to a specific value, an infinite loop denial of service condition will occur when the scanner processes the file. • http://osvdb.org/36119 http://secunia.com/advisories/26053 http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html http://www.securityfocus.com/bid/24282 http://www.vupen.com/english/advisories/2007/2508 http://www.zerodayinitiative.com/advisories/ZDI-07-039.html •
CVE-2007-0563
https://notcve.org/view.php?id=CVE-2007-0563
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. • http://osvdb.org/32960 http://osvdb.org/32961 http://secunia.com/advisories/23896 http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html http://securitytracker.com/id?1017558 http://www.securityfocus.com/bid/22184 http://www.vupen.com/english/advisories/2007/0330 https://exchange.xforce.ibmcloud.com/vulnerabilities/31750 •
CVE-2007-0564
https://notcve.org/view.php?id=CVE-2007-0564
The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. • http://secunia.com/advisories/23896 http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html http://securitytracker.com/id?1017558 http://www.vupen.com/english/advisories/2007/0330 •
CVE-2005-1346
https://notcve.org/view.php?id=CVE-2005-1346
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allow remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. • http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html •
CVE-2004-2755
https://notcve.org/view.php?id=CVE-2004-2755
Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. • http://secunia.com/advisories/10618 http://securityresponse.symantec.com/avcenter/security/Content/2004.01.13.html http://www.osvdb.org/6754 http://www.securityfocus.com/bid/9418 http://www.securitytracker.com/alerts/2004/Jan/1008711.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •