CVSS: 9.8EPSS: 10%CPEs: 168EXPL: 0CVE-2007-0447 – Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0447
12 Jul 2007 — Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. Desbordamiento de búfer basado en pila en el componente Decomposer en múltiples producto Symantec que permiten a atacantes remotos ejecutar código de su elección a través de archivos .CAB manipulados. This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. U... • http://osvdb.org/36118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 73%CPEs: 2EXPL: 1CVE-2007-1689 – Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-1689
16 May 2007 — Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. Desbordamiento de búfer en el control ActiveX ISAlertDataCOM, en ISLALERT.DLL para Norton Personal Firewall 2004 e Internet Security 2004 permite a atacantes remotos ejecutar código de su elección mediante argumentos largos para las funciones (1) Get y (2) Set. • https://www.exploit-db.com/exploits/16610 •
CVSS: 8.8EPSS: 6%CPEs: 6EXPL: 0CVE-2006-3456
https://notcve.org/view.php?id=CVE-2006-3456
11 May 2007 — The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless ... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=529 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 56EXPL: 2CVE-2007-1793 – Symantec (Multiple Products) - 'SPBBCDrv' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-1793
02 Apr 2007 — SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected. El archivo SPBBCDrv.sys en Symantec... • https://www.exploit-db.com/exploits/29810 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 84EXPL: 1CVE-2007-1476 – Symantec 'SYMTDI.SYS' Device Driver - Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-1476
16 Mar 2007 — The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855. El controlador de dispositivo SymTDI (SYMTDI.SYS) en Symantec Norton Personal Firewall 2006 versión ... • https://www.exploit-db.com/exploits/29743 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 23%CPEs: 6EXPL: 0CVE-2006-6490
https://notcve.org/view.php?id=CVE-2006-6490
22 Feb 2007 — Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message. Múltiples desbordamiento de búfer en los controles ActiveX de SupportSoft (1) SmartIssue (tgctlsi.dll) y (2) ScriptRunner (tgctlsr.dll), tal y como se usan en Symantec Automated Support Assistant... • http://archives.neohapsis.com/archives/bugtraq/2007-02/0454.html •
CVSS: 8.8EPSS: 23%CPEs: 5EXPL: 0CVE-2006-5403
https://notcve.org/view.php?id=CVE-2006-5403
19 Oct 2006 — Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en pila en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, p... • http://secunia.com/advisories/22228 •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2006-5404
https://notcve.org/view.php?id=CVE-2006-5404
19 Oct 2006 — Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors. Vulnerabilidad no especificada en el Control de ActiveX usado en Symantec Automated Support Assistant, como el usado en el AntiVirus Norton, en Internet Security y System Works 2005 y 2006, permite a los atacantes remotos, con la complicidad d... • http://secunia.com/advisories/22228 •
CVSS: 5.5EPSS: 0%CPEs: 101EXPL: 2CVE-2006-4855 – Symantec (Multiple Products) - 'SymEvent' Driver Local Denial of Service
https://notcve.org/view.php?id=CVE-2006-4855
19 Sep 2006 — The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data. El driver \Device\SymEvent ... • https://www.exploit-db.com/exploits/28588 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-1836
https://notcve.org/view.php?id=CVE-2006-1836
19 Apr 2006 — Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. • http://secunia.com/advisories/19682 •