Vulnerabilities > Symantec > Norton Internet Security > High

DATE CVE VULNERABILITY TITLE RISK
2007-09-24 CVE-2007-5047 Improper Input Validation vulnerability in Symantec Norton Internet Security 200815.0.0.60
Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook.
local
low complexity
symantec CWE-20
7.2
2007-05-11 CVE-2006-3456 Code Injection vulnerability in Symantec products
The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting.
network
symantec CWE-94
8.5
2005-02-08 CVE-2005-0249 Unspecified vulnerability in Symantec products
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
network
low complexity
symantec
7.5
2004-04-15 CVE-2004-0364 Remote Command Execution vulnerability in Symantec Norton Internet Security 2004
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
network
low complexity
symantec
7.5
2004-02-03 CVE-2003-0994 Unspecified vulnerability in Symantec products
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
local
low complexity
symantec
7.2
2002-07-26 CVE-2002-0663 Buffer Overflow vulnerability in Symantec Norton Personal Firewall/Internet Security 2001
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
network
low complexity
symantec
7.5