CVSS: 5.5EPSS: 82%CPEs: 20EXPL: 0CVE-2012-1461
https://notcve.org/view.php?id=CVE-2012-1461
21 Mar 2012 — The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos A... • http://osvdb.org/80500 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.2EPSS: 11%CPEs: 10EXPL: 0CVE-2012-1462
https://notcve.org/view.php?id=CVE-2012-1462
21 Mar 2012 — The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, Norman Antivirus 6.06.12, Sophos Anti-Virus 4.61.0, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a ZIP file cont... • http://www.ieee-security.org/TC/SP2012/program.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 39EXPL: 0CVE-2011-0688
https://notcve.org/view.php?id=CVE-2011-0688
31 Jan 2011 — Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information. Intel Alert Management System(también conocido como AM... • http://secunia.com/advisories/43099 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 32%CPEs: 39EXPL: 0CVE-2010-0110 – Symantec AMS Intel Alert Service AMSSendAlertAct Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0110
27 Jan 2011 — Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to execute arbitrary code via (1) a long string to msgsys.exe, related to the AMSSendAlertAct function in AMSLIB.dll in the Intel Alert Handler service (aka Symantec Intel Handler service); a long (2) modem string or (3) PIN number to msgsys... • http://secunia.com/advisories/43099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 60%CPEs: 39EXPL: 0CVE-2010-0111 – Symantec Intel Alert Originator Service iao.exe Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0111
27 Jan 2011 — HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call. HDNLRSVC.EXE en el servicio Intel Alert Handler (t... • http://secunia.com/advisories/43099 • CWE-20: Improper Input Validation •
CVSS: 6.2EPSS: 6%CPEs: 20EXPL: 1CVE-2010-3268
https://notcve.org/view.php?id=CVE-2010-3268
22 Dec 2010 — The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint Protection before 11.x, does not properly validate the CommandLine field of an AMS request, which allows remote attackers to cause a denial of service (application crash) via a crafted request. La función GetStringAMSHandler en prgxh... • http://secunia.com/advisories/42593 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 27%CPEs: 31EXPL: 0CVE-2010-0107
https://notcve.org/view.php?id=CVE-2010-0107
23 Feb 2010 — Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site." Desbordamiento de búfer en el control ActiveX (SYMLTCOM.dll) ... • http://osvdb.org/62412 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2010-0106
https://notcve.org/view.php?id=CVE-2010-0106
19 Feb 2010 — The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources. El escaneo bajo demanda en Symantec AntiVirus v10.0.x y v10.1.x anterior a MR9, AntiVirus v10.2.x, Client Security v3.0.x y v3.1.x anterior a MR9 y Endpo... • http://osvdb.org/62414 •
CVSS: 10.0EPSS: 15%CPEs: 54EXPL: 1CVE-2010-0108 – Symantec (Multiple Products) - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow
https://notcve.org/view.php?id=CVE-2010-0108
19 Feb 2010 — Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function. Desbordamiento de búfer en un control ActiveX en el proxy de cliente de Symantec (CLIproxy.dll) en Symantec AntiVirus v10.0.x, v10.1.x anterior a MR9 y v10.2.x anterior a MR... • https://www.exploit-db.com/exploits/33642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 31EXPL: 0CVE-2009-3104
https://notcve.org/view.php?id=CVE-2009-3104
08 Sep 2009 — Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors. Vulnerabilidad no especificada en Symantec Norton AntiVirus ... • http://osvdb.org/57429 • CWE-399: Resource Management Errors •