Stack-based Buffer Overflow in SymSpamHelper ActiveX Component of Norton AntiSpam 2004
CVE-2004-0363

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Antispam
Vendor: CVE Published:; 15 April 2004

Summary

A stack-based buffer overflow vulnerability exists in the SymSpamHelper ActiveX component (symspam.dll) used in Norton AntiSpam 2004 and Norton Internet Security 2004. This flaw allows remote attackers to exploit the LaunchCustomRuleWizard method by sending a specially crafted long parameter. Such an exploitation could lead to arbitrary code execution on the target system, posing significant security risks.

References

http://marc.info/?l=bugtraq&m=107980262324362&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/11169

third-party-advisoryx_refsource_SECUNIA

http://www.nextgenss.com/advisories/antispam.txt

x_refsource_MISC

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2004
Vulnerability Reserved
Mar 19, 2004