// For flags

CVE-2010-3497

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."

Symantec Norton AntiVirus 2011 no interactúa de forma adecuada con el procesado de URLs hcp:// debido a la ayuda y centro de soporte de Microsoft, lo que hace que sea más fácil para los atacantes remotos ejecutar código a través de malware que se detecta correctamente por este producto, pero con una detección que ocurre demasiado tarde para detener la ejecución de código. NOTA: el investigador indica que el desarrollador le ha respondido "Cae en la parte del firewall no de nuestro AV (por nuestra metodología de capas de defensa)"

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-09-24 CVE Reserved
  • 2012-08-22 CVE Published
  • 2024-09-16 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (2)
URL Tag Source
http://www.n00bz.net/antivirus-cve X_refsource_misc
http://www.securityfocus.com/archive/1/514356 Mailing List
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
 Norton Antivirus
Search vendor "Symantec" for product "Norton Antivirus"
 2011
Search vendor "Symantec" for product "Norton Antivirus" and version "2011"
-
Affected