Vulnerabilities > Symantec > Norton Antivirus

DATE CVE VULNERABILITY TITLE RISK
2012-08-22 CVE-2010-3497 Permissions, Privileges, and Access Controls vulnerability in Symantec Norton Antivirus 2011
Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
network
low complexity
symantec CWE-264
6.4
2010-02-23 CVE-2010-0107 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
network
symantec CWE-119
critical
9.3
2009-09-08 CVE-2009-3104 Resource Management Errors vulnerability in Symantec products
Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.
network
symantec CWE-399
4.3
2008-04-08 CVE-2008-0313 Remote Share 'launchProcess()' Insecure Method vulnerability in Symantec AutoFix Tool ActiveX Control
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
network
symantec
6.8
2008-04-08 CVE-2008-0312 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method.
network
microsoft symantec CWE-119
critical
9.3
2007-11-05 CVE-2007-5829 Permissions, Privileges, and Access Controls vulnerability in Symantec Norton Antivirus and Norton Internet Security
The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet Security for Macintosh 3.x, uses a directory with weak permissions (group writable), which allows local admin users to gain root privileges by replacing unspecified files, which are executed when a user with physical access inserts a disk and the "Show Progress During Mount Scans" option is enabled.
local
high complexity
symantec CWE-264
6.0
2007-10-05 CVE-2007-3699 Remote vulnerability in Symantec AntiVirus Malformed CAB and RAR Compression
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
network
symantec
critical
9.3
2007-10-05 CVE-2007-0447 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec products
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
network
symantec CWE-119
critical
9.3
2007-08-09 CVE-2007-2955 Remote Code Execution vulnerability in Symantec products
Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton AntiVirus, Internet Security, and System Works products for 2006, allows remote attackers to execute arbitrary code via (1) the AnomalyList property to AxSysListView32 and (2) Anomaly property to AxSysListView32OAA.
network
symantec
6.8
2007-07-16 CVE-2007-3800 Local Privilege Escalation vulnerability in Symantec Client Security and Norton Antivirus
Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.
local
high complexity
symantec
6.0