Vulnerabilities > Symantec > Norton Antivirus > High

DATE | CVE | VULNERABILITY TITLE | RISK

2007-06-05 | CVE-2007-3021 | Remote Privilege Escalation vulnerability in Symantec Client Security, Norton Antivirus and Reporting Server | network, low complexity, symantec, 7.5
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

2007-05-11 | CVE-2006-3456 | Code Injection vulnerability in Symantec products | network, symantec CWE-94, 8.5
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.

2006-09-14 | CVE-2006-3454 | Local Format String vulnerability in Symantec Client Security and Norton Antivirus | local, low complexity, symantec, 7.2
Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.

2005-10-21 | CVE-2005-3270 | Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3 | local, low complexity, symantec, 7.2
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.

2005-10-20 | CVE-2005-2759 | Local Privilege Escalation vulnerability in Symantec Norton Antivirus 9.0.3 | local, low complexity, symantec, 7.2
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges.

2005-02-08 | CVE-2005-0249 | Unspecified vulnerability in Symantec products | network, low complexity, symantec, 7.5
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

2004-02-03 | CVE-2003-0994 | Unspecified vulnerability in Symantec products | local, low complexity, symantec, 7.2
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.

2003-03-31 | CVE-2002-1540 | Unspecified vulnerability in Symantec Norton Antivirus Corporate7.5/Corporate7.51/Corporate7.6 | local, low complexity, symantec, 7.2
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.

2002-12-31 | CVE-2002-2206 | Local Denial of Service vulnerability in Symantec Norton Antivirus 2001 | network, low complexity, symantec, 7.8
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.

2002-08-12 | CVE-2002-0485 | Improper Handling of Case Sensitivity vulnerability in Symantec Norton Antivirus | network, low complexity, symantec CWE-178, 7.5
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.