Details of VAR-200312-0354

ID

VAR-200312-0354

CVE

CVE-2003-1451

TITLE

Norton Antivirus 2002 Mail Scanner Remote Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-441

DESCRIPTION

Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename. The Norton Antivirus 2002 email scanner is vulnerable to a buffer overflow. This could potentially result in code execution in the security context of the antivirus scanner. When parsing this mail, a buffer overflow may occur. Carefully constructed file name data may execute arbitrary instructions on the system with the process privilege of the logged-in user

Trust: 1.26

sources: NVD: CVE-2003-1451 // BID: 6886 // VULHUB: VHN-8276

AFFECTED PRODUCTS

vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2002	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	20020	Trust: 0.3
vendor:	symantec	model:	norton antivirus	scope:	ne	version:	20030	Trust: 0.3

sources: BID: 6886 // CNNVD: CNNVD-200312-441 // NVD: CVE-2003-1451

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1451
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200312-441
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8276
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1451
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8276
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8276 // CNNVD: CNNVD-200312-441 // NVD: CVE-2003-1451

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.1

sources: VULHUB: VHN-8276 // NVD: CVE-2003-1451

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-441

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200312-441

EXTERNAL IDS

db:	BID	id:	6886	Trust: 2.0
db:	NVD	id:	CVE-2003-1451	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-441	Trust: 0.7
db:	BUGTRAQ	id:	20030219 [SNS ADVISORY NO.61] SYMANTEC NORTON ANTIVIRUS 2002 BUFFER OVERFLOW VULNERABILITY	Trust: 0.6
db:	XF	id:	11365	Trust: 0.6
db:	NSFOCUS	id:	4438	Trust: 0.6
db:	VULHUB	id:	VHN-8276	Trust: 0.1

sources: VULHUB: VHN-8276 // BID: 6886 // CNNVD: CNNVD-200312-441 // NVD: CVE-2003-1451

REFERENCES

url:	http://securityresponse.symantec.com/avcenter/security/content/2003.02.28.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/6886	Trust: 1.7
url:	http://www.derkeiler.com/mailing-lists/securityfocus/bugtraq/2003-02/0233.html	Trust: 1.7
url:	http://www.lac.co.jp/security/english/snsadv_e/61_e.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11365	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/11365	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/4438	Trust: 0.6
url:	http://www.symantec.com	Trust: 0.3
url:	/archive/1/312419	Trust: 0.3

sources: VULHUB: VHN-8276 // BID: 6886 // CNNVD: CNNVD-200312-441 // NVD: CVE-2003-1451

CREDITS

SNS Advisory※ snsadv@lac.co.jp

Trust: 0.6

sources: CNNVD: CNNVD-200312-441

SOURCES

db:	VULHUB	id:	VHN-8276
db:	BID	id:	6886
db:	CNNVD	id:	CNNVD-200312-441
db:	NVD	id:	CVE-2003-1451

LAST UPDATE DATE

2024-08-14T15:31:13.424000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8276	date:	2017-07-29T00:00:00
db:	BID	id:	6886	date:	2003-02-19T00:00:00
db:	CNNVD	id:	CNNVD-200312-441	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1451	date:	2017-07-29T01:29:12.420

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8276	date:	2003-12-31T00:00:00
db:	BID	id:	6886	date:	2003-02-19T00:00:00
db:	CNNVD	id:	CNNVD-200312-441	date:	2003-02-19T00:00:00
db:	NVD	id:	CVE-2003-1451	date:	2003-12-31T05:00:00