Details of VAR-200408-0157

ID

VAR-200408-0157

CVE

CVE-2004-0487

TITLE

Symantec Norton AntiVirus ActiveX Control Remote Code Execution Vulnerability

Trust: 0.9

sources: BID: 10392 // CNNVD: CNNVD-200408-143

DESCRIPTION

A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. Symantec's Norton AntiVirus Exists in unspecified vulnerabilities.None. Symantec Norton AntiVirus is prone to a remote code execution vulnerability. The ActiveX control contained in Symantec Norton AntiVirus does not properly validate external input. To successfully exploit this vulnerability, the executable must be on the local system, and its location needs to be known to the attacker

Trust: 2.7

sources: NVD: CVE-2004-0487 // CERT/CC: VU#312510 // JVNDB: JVNDB-2004-000910 // BID: 10392 // VULHUB: VHN-8917

AFFECTED PRODUCTS

vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2.1	Trust: 1.6
vendor:	symantec	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	シマンテック	model:	norton antivirus	scope:	eq	version:	-	Trust: 0.8
vendor:	シマンテック	model:	norton antivirus	scope:	eq	version:	2.1	Trust: 0.8
vendor:	シマンテック	model:	norton antivirus	scope:	-	version:	-	Trust: 0.8
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2004	Trust: 0.3

sources: CERT/CC: VU#312510 // BID: 10392 // JVNDB: JVNDB-2004-000910 // CNNVD: CNNVD-200408-143 // NVD: CVE-2004-0487

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0487
value:	HIGH
Trust: 1.0
CARNEGIE MELLON:	VU#312510
value:	3.94
Trust: 0.8
NVD:	CVE-2004-0487
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200408-143
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-8917
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0487
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-8917
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#312510 // VULHUB: VHN-8917 // JVNDB: JVNDB-2004-000910 // CNNVD: CNNVD-200408-143 // NVD: CVE-2004-0487

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2004-000910 // NVD: CVE-2004-0487

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200408-143

TYPE

Design Error

Trust: 0.9

sources: BID: 10392 // CNNVD: CNNVD-200408-143

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0487	Trust: 3.6
db:	SECUNIA	id:	11676	Trust: 3.3
db:	CERT/CC	id:	VU#312510	Trust: 3.3
db:	BID	id:	10392	Trust: 2.8
db:	OSVDB	id:	6303	Trust: 1.7
db:	SECTRACK	id:	1010249	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000910	Trust: 0.8
db:	CNNVD	id:	CNNVD-200408-143	Trust: 0.7
db:	CIAC	id:	O-149	Trust: 0.6
db:	BUGTRAQ	id:	20040521 [SNS ADVISORY NO.72] SYMANTEC NORTON ANTIVIRUS 2004 ACTIVEX CONTROL VULNERABILITY	Trust: 0.6
db:	XF	id:	16220	Trust: 0.6
db:	VULHUB	id:	VHN-8917	Trust: 0.1

sources: CERT/CC: VU#312510 // VULHUB: VHN-8917 // BID: 10392 // JVNDB: JVNDB-2004-000910 // CNNVD: CNNVD-200408-143 // NVD: CVE-2004-0487

REFERENCES

url:	http://www.lac.co.jp/security/csl/intelligence/snsadvisory_e/72_e.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/10392	Trust: 2.5
url:	http://www.kb.cert.org/vuls/id/312510	Trust: 2.5
url:	http://www.ciac.org/ciac/bulletins/o-149.shtml	Trust: 2.5
url:	http://secunia.com/advisories/11676	Trust: 2.5
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16220	Trust: 1.9
url:	http://marc.info/?l=bugtraq&m=108515369718455&w=2	Trust: 1.8
url:	http://www.symantec.com/avcenter/security/content/2004.05.20.html	Trust: 1.7
url:	http://www.osvdb.org/6303	Trust: 1.7
url:	http://www.sarc.com/avcenter/security/content/2004.05.20.html	Trust: 0.8
url:	http://secunia.com/advisories/11676/	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2004/may/1010249.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2004-0487	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/16220	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108515369718455&w=2	Trust: 0.6
url:	http://securityresponse.symantec.com/avcenter/security/content/2004.05.20.html	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108515369718455&w=2	Trust: 0.1

sources: CERT/CC: VU#312510 // VULHUB: VHN-8917 // BID: 10392 // JVNDB: JVNDB-2004-000910 // CNNVD: CNNVD-200408-143 // NVD: CVE-2004-0487

CREDITS

Yuu Arai

Trust: 0.6

sources: CNNVD: CNNVD-200408-143

SOURCES

db:	CERT/CC	id:	VU#312510
db:	VULHUB	id:	VHN-8917
db:	BID	id:	10392
db:	JVNDB	id:	JVNDB-2004-000910
db:	CNNVD	id:	CNNVD-200408-143
db:	NVD	id:	CVE-2004-0487

LAST UPDATE DATE

2024-08-14T15:04:47.576000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#312510	date:	2004-05-21T00:00:00
db:	VULHUB	id:	VHN-8917	date:	2017-07-11T00:00:00
db:	BID	id:	10392	date:	2009-07-12T05:16:00
db:	JVNDB	id:	JVNDB-2004-000910	date:	2024-06-04T08:57:00
db:	CNNVD	id:	CNNVD-200408-143	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0487	date:	2017-07-11T01:30:12.213

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#312510	date:	2004-05-21T00:00:00
db:	VULHUB	id:	VHN-8917	date:	2004-08-18T00:00:00
db:	BID	id:	10392	date:	2004-05-20T00:00:00
db:	JVNDB	id:	JVNDB-2004-000910	date:	2024-06-04T00:00:00
db:	CNNVD	id:	CNNVD-200408-143	date:	2004-05-24T00:00:00
db:	NVD	id:	CVE-2004-0487	date:	2004-08-18T04:00:00