ID
VAR-200212-0448
CVE
CVE-2002-1777
TITLE
Symantec Norton AntiVirus Inconsistent exception handling MIME Head hole
Trust: 0.6
DESCRIPTION
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed. An issue has been discovered which involves Symantec Norton AntiVirus 2002 incoming email scanning protection feature. Using conflicting MIME headers, it is possible to rename a file to an excluded filetype in the Content-Type field, and include the original filename in the Content-Disposition field, resulting in the execution of the file by the appropriate application. For example: Content-Type: application/msword;name=\filename.nch Content-Transfer-Encoding: base64 Content-Disposition: attachment;filename=\filename.doc Norton will detect the attachment as a .nch file, however Microsoft Office will detect the .doc extension and handle it as such. If the .doc attachment happens to be a Word macro virus, it will execute on the user's sytem
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | symantec | model: | norton antivirus | scope: | eq | version: | 2002 | Trust: 1.6 |
| vendor: | symantec | model: | norton antivirus | scope: | eq | version: | 20020 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
EXTERNAL IDS
| db: | BID | id: | 4246 | Trust: 2.0 |
| db: | NVD | id: | CVE-2002-1777 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200212-110 | Trust: 0.7 |
| db: | NSFOCUS | id: | 2364 | Trust: 0.6 |
| db: | XF | id: | 8392 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-6160 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/4246 | Trust: 2.7 |
| url: | http://online.securityfocus.com/archive/1/260271 | Trust: 2.1 |
| url: | http://online.securityfocus.com/archive/1/260678 | Trust: 2.1 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/8392 | Trust: 2.1 |
| url: | http://xforce.iss.net/xforce/xfdb/8392 | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/2364 | Trust: 0.6 |
| url: | http://www.symantec.com/nav/nav_9xnt/ | Trust: 0.3 |
| url: | http://www.symantec.com | Trust: 0.3 |
CREDITS
Edvice Security Services※ support@edvicesecurity.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-6160 |
| db: | BID | id: | 4246 |
| db: | CNNVD | id: | CNNVD-200212-110 |
| db: | NVD | id: | CVE-2002-1777 |
LAST UPDATE DATE
2024-11-22T23:13:03.687000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-6160 | date: | 2017-07-11T00:00:00 |
| db: | BID | id: | 4246 | date: | 2002-03-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-110 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-1777 | date: | 2024-11-20T23:42:06.117 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-6160 | date: | 2002-12-31T00:00:00 |
| db: | BID | id: | 4246 | date: | 2002-03-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-110 | date: | 2002-03-07T00:00:00 |
| db: | NVD | id: | CVE-2002-1777 | date: | 2002-12-31T05:00:00 |