ID

VAR-201002-0080

CVE

CVE-2010-0107

TITLE

Symantec N360 Such as SYMLTCOM.dll Vulnerable to buffer overflow

DESCRIPTION

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site.". Multiple Symantec products are prone to a stack-based buffer-overflow vulnerability because the applications utilize an ActiveX control that fails to adequately validate user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. Remote Attacker An attacker can pass an unidentified vector, causing a denial of service. ---------------------------------------------------------------------- Public Beta of CSI and WSUS Integration http://secunia.com/blog/74 ---------------------------------------------------------------------- TITLE: Symantec Products "SYMLTCOM.dll" ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA38654 VERIFY ADVISORY: http://secunia.com/advisories/38654/ DESCRIPTION: A vulnerability has been reported in some Symantec products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in the SYMLTCOM.dll ActiveX control, which can be exploited to cause e.g. a stack-based buffer overflow when a user visits a specially crafted web page. Successful exploitation allows execution of arbitrary code, but is limited to a certain unspecified domain. Symantec Client Security 3.0.x: Update to SCS 3.1 MR9. Symantec Client Security 3.1.x: Update to MR9. PROVIDED AND/OR DISCOVERED BY: The vendor credits FrSIRT. ORIGINAL ADVISORY: Symantec SYM10-003: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability http://www.vupen.com/english/research.php I. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a vulnerability in various Symantec security products. II. CREDIT -------------- The vulnerabilities were discovered by VUPEN Security V. ABOUT VUPEN Security --------------------------------- VUPEN is a leading IT security research company providing vulnerability management services to allow enterprises and organizations to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. VUPEN also provides research services for security vendors (antivirus, IDS, IPS,etc) to supplement their internal vulnerability research efforts and quickly develop vulnerability-based and exploit-based signatures, rules, and filters, and proactively protect their customers against potential threats. * VUPEN Vulnerability Notification Service: http://www.vupen.com/english/services * VUPEN Exploits and In-Depth Vulnerability Analysis: http://www.vupen.com/exploits VI. REFERENCES ---------------------- http://www.vupen.com/english/advisories/2010/0411 http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0107 VII. DISCLOSURE TIMELINE ----------------------------------- 2008-04-07 - Vendor notified 2008-04-08 - Vendor response 2008-05-09 - Status update received 2008-06-10 - Status update received 2008-12-05 - Status update received 2010-02-18 - Patches available, public disclosure

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

FrSIRT

SOURCES

LAST UPDATE DATE

2024-11-23T22:53:42.892000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE