Remote Code Execution Vulnerability in Symantec Norton Products
CVE-2008-0313

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Internet Security; Norton Antivirus; System Works; Norton 360
Vendor: CVE Published:; 8 April 2008

Summary

A design flaw in the ActiveDataInfo.LaunchProcess method within the ActiveX control of multiple Norton products allows remote attackers to execute arbitrary code. The vulnerability arises from improper location determination of the AutoFix Tool, potentially allowing exploitation via remote WebDAV or SMB shares. Users are urged to update their software to mitigate risks associated with this vulnerability.

References

http://www.securitytracker.com/id?1019753

vdb-entryx_refsource_SECTRACK

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

http://www.securitytracker.com/id?1019751

vdb-entryx_refsource_SECTRACK

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 8, 2008
Vulnerability Reserved
Jan 16, 2008