Stack-Based Buffer Overflow in Symantec AntiVirus and Client Security
CVE-2007-3771

Currently unrated

Key Information:

Vendor: Symantec
Status: Client Security; Norton Antivirus
Vendor: CVE Published:; 15 July 2007

Summary

A stack-based buffer overflow in the Internet E-mail Auto-Protect feature of Symantec AntiVirus Corporate Edition prior to version 10.1 and Client Security before version 3.1 can be exploited by local users. The vulnerability arises when an attacker sends an outbound SMTP email containing overly long headers for the 'To', 'From', or 'Subject' fields. This can lead to unexpected behavior, including service crashes, and consequently disrupt email processing.

References

http://securitytracker.com/id?1018371

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/26036

third-party-advisoryx_refsource_SECUNIA

http://securitytracker.com/id?1018367

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jul 15, 2007
Vulnerability Reserved
Jul 15, 2007