Details of VAR-200412-0566

ID

VAR-200412-0566

CVE

CVE-2004-2147

TITLE

Symantec Norton AntiVirus Malformed Email Service Rejection Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-176

DESCRIPTION

Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body. It is alleged that Symantec Norton AntiVirus is prone to a denial of service vulnerability. The discoverer of this issue reports that when a malformed email is received through Microsoft Outlook and Norton AntiVirus attempts to process this email, the Norton AntiVirus application will crash. Symantec is currently investigating this report; this BID will be updated as soon as this investigation is complete. It should also be noted that the discoverer of the issue has not provided any details about which versions may be affected by this issue, version information will be updated appropriately when this issue is investigated further

Trust: 1.26

sources: NVD: CVE-2004-2147 // BID: 11259 // VULHUB: VHN-10575

AFFECTED PRODUCTS

vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.5	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2002	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.60.build_926	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2001	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2.1	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.0	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2003	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.51	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.6	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.2	Trust: 1.6
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	professional_2002	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	professional_2004	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_7.61	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	professional_2001	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	professional_2003	Trust: 1.0
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	corporate_8.0	Trust: 1.0
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	7.61	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	7.51	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	7.6	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	7.5	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	7.2	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	symantec	model:	norton antivirus corporate edition 7.60.build	scope:	eq	version:	926	Trust: 0.3
vendor:	symantec	model:	norton antivirus professional edition	scope:	eq	version:	2004	Trust: 0.3
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	2004	Trust: 0.3
vendor:	symantec	model:	norton antivirus professional edition	scope:	eq	version:	2003	Trust: 0.3
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	20030	Trust: 0.3
vendor:	symantec	model:	norton antivirus professional edition	scope:	eq	version:	2002	Trust: 0.3
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	20020	Trust: 0.3
vendor:	symantec	model:	norton antivirus professional edition	scope:	eq	version:	2001	Trust: 0.3
vendor:	symantec	model:	norton antivirus	scope:	eq	version:	20010	Trust: 0.3

sources: BID: 11259 // CNNVD: CNNVD-200412-176 // NVD: CVE-2004-2147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2147
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-176
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10575
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2147
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10575
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10575 // CNNVD: CNNVD-200412-176 // NVD: CVE-2004-2147

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-176

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200412-176

EXTERNAL IDS

db:	BID	id:	11259	Trust: 2.0
db:	NVD	id:	CVE-2004-2147	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-176	Trust: 0.7
db:	VULN-DEV	id:	20040925 NO BODY EMAILS AND NORTON ANTIVIRUS	Trust: 0.6
db:	VULHUB	id:	VHN-10575	Trust: 0.1

sources: VULHUB: VHN-10575 // BID: 11259 // CNNVD: CNNVD-200412-176 // NVD: CVE-2004-2147

REFERENCES

url:	http://www.securityfocus.com/archive/82/376487/2004-09-24/2004-09-30/0	Trust: 2.0
url:	http://www.securityfocus.com/bid/11259	Trust: 1.7
url:	http://www.symantec.com	Trust: 0.3

sources: VULHUB: VHN-10575 // BID: 11259 // CNNVD: CNNVD-200412-176 // NVD: CVE-2004-2147

CREDITS

Discovery of this vulnerability is credited to Zero <zerozero@controcultura.net>.

Trust: 0.9

sources: BID: 11259 // CNNVD: CNNVD-200412-176

SOURCES

db:	VULHUB	id:	VHN-10575
db:	BID	id:	11259
db:	CNNVD	id:	CNNVD-200412-176
db:	NVD	id:	CVE-2004-2147

LAST UPDATE DATE

2024-08-14T15:20:12.920000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10575	date:	2008-09-05T00:00:00
db:	BID	id:	11259	date:	2004-09-27T00:00:00
db:	CNNVD	id:	CNNVD-200412-176	date:	2006-05-01T00:00:00
db:	NVD	id:	CVE-2004-2147	date:	2008-09-05T20:43:19.767

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10575	date:	2004-12-31T00:00:00
db:	BID	id:	11259	date:	2004-09-27T00:00:00
db:	CNNVD	id:	CNNVD-200412-176	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2147	date:	2004-12-31T05:00:00