Heap-Based Buffer Overflow in Symantec Products
CVE-2007-0447

Currently unrated

Key Information:

Vendor: Symantec
Status: Mail Security; Client Security; Norton Antivirus; Norton Internet Security
Vendor: CVE Published:; 5 October 2007

Summary

The vulnerability involves a heap-based buffer overflow in the Decomposer component of several Symantec products. This flaw can be exploited by remote attackers who craft specific CAB archives, potentially leading to arbitrary code execution on the affected system. Such vulnerabilities pose a significant risk, as they enable unauthorized control over the system’s execution flow.

References

http://secunia.com/advisories/26053

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2007/2508

vdb-entryx_refsource_VUPEN

http://osvdb.org/36118

vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 5, 2007
Vulnerability Reserved
Jan 23, 2007