Vulnerabilities > Symantec > Antivirus Scan Engine

DATE CVE VULNERABILITY TITLE RISK
2007-10-05 CVE-2007-3699 Remote vulnerability in Symantec AntiVirus Malformed CAB and RAR Compression
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
network
symantec
critical
9.3
2007-10-05 CVE-2007-0447 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
network
symantec CWE-119
critical
9.3
2006-04-25 CVE-2006-0232 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
network
low complexity
symantec
5.0
2006-04-25 CVE-2006-0231 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
network
low complexity
symantec
6.4
2006-04-25 CVE-2006-0230 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
network
low complexity
symantec
critical
10.0
2005-10-14 CVE-2005-3217 Unspecified vulnerability in Symantec Antivirus Scan Engine
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
network
high complexity
symantec
5.1
2005-10-05 CVE-2005-2758 Buffer Overflow vulnerability in Symantec products
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
network
low complexity
symantec
critical
10.0
2005-05-02 CVE-2005-1346 Denial-Of-Service vulnerability in Web Security
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
network
high complexity
symantec
2.6
2005-02-08 CVE-2005-0249 Unspecified vulnerability in Symantec products
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
network
low complexity
symantec
7.5
2004-04-15 CVE-2004-0217 Link Following vulnerability in Symantec Antivirus Scan Engine 4.0/4.3
The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.
local
high complexity
symantec CWE-59
7.0