CVSS: 6.0 | EPSS: 0% | CPEs: 7 | EXPL: 0

The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.

• http://osvdb.org/40864
• http://secunia.com/advisories/27488
• http://securityresponse.symantec.com/avcenter/security/Content/2007.11.02.html
• http://securitytracker.com/id?1018889
• http://securitytracker.com/id?1018890
• http://www.securityfocus.com/bid/26253
• http://www.vupen.com/english/advisories/2007/3698
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38229
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.8 | EPSS: 84% | CPEs: 4 | EXPL: 0

Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allow remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) the Anomaly property to AxSysListView32OAA.

• http://secunia.com/advisories/25215
• http://secunia.com/secunia_research/2007-53/advisory
• http://www.securityfocus.com/bid/24983
• http://www.securitytracker.com/id?1018545
• http://www.securitytracker.com/id?1018546
• http://www.securitytracker.com/id?1018547
• http://www.symantec.com/avcenter/security/Content/2007.08.09.html
• http://www.vupen.com/english/advisories/2007/2822
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35944

CVSS: 6.0 | EPSS: 0% | CPEs: 6 | EXPL: 0

Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.

• http://osvdb.org/36116
• http://secunia.com/advisories/26054
• http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html
• http://www.securityfocus.com/bid/24810
• http://www.vupen.com/english/advisories/2007/2506
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35352

CVSS: 4.6 | EPSS: 0% | CPEs: 32 | EXPL: 0

Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.

• http://osvdb.org/36115
• http://secunia.com/advisories/26036
• http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html
• http://securitytracker.com/id?1018367
• http://securitytracker.com/id?1018371
• http://www.securityfocus.com/bid/24802
• http://www.vupen.com/english/advisories/2007/2506
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35354

CVSS: 6.9 | EPSS: 0% | CPEs: 25 | EXPL: 2

Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006, allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.

• https://www.exploit-db.com/exploits/4178
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=554
• http://osvdb.org/36117
• http://secunia.com/advisories/26042
• http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11d.html
• http://securitytracker.com/id?1018372
• http://www.securityfocus.com/bid/22351
• http://www.vupen.com/english/advisories/2007/2507
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35347