Buffer Overflow in Symantec Norton Products via ActiveX Control
CVE-2008-0312

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton 360; Norton Antivirus; Norton Internet Security; Norton System Works
Vendor: CVE Published:; 8 April 2008

Summary

The stack-based buffer overflow vulnerability resides in the AutoFix Support Tool ActiveX control (version 2.7.0.1) within SYMADATA.DLL for various Symantec Norton products. This flaw enables remote attackers to execute arbitrary code when a specially crafted argument is passed to the vulnerable GetEventLogInfo method. The affected products include multiple versions of Norton Antivirus, Internet Security, and System Works from 2006 through 2008. The exploitation of this vulnerability poses serious security risks, as it can allow unauthorized access and control over the affected systems.

References

http://www.securitytracker.com/id?1019753

vdb-entryx_refsource_SECTRACK

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1019751

vdb-entryx_refsource_SECTRACK

EPSS Score

22% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Jan 16, 2008